﻿<!DOCTYPE html>
<html>
  <head>
    <meta charset='utf-8' />
    <title>
      Fortify on Demand Security Review
    </title>
    <style type='text/css'>
body {
    font-family: Metric, Verdana, Helvetica, Arial, sans-serif;
    font-size: 14px;
    color: #000;
    margin: 0;
    padding: 15px;
    position: relative;
}

h2 {
    color: #0079EF;
}

h1, h2, h3 {
    margin: 20px 0 10px;
}

h4, h5, h6 {
    margin: 10px 0;
}

p {
    margin: 0 0 10px;
}

pre {
    display: block;
    padding: 9.5px;
    margin: 0 0 10px;
    font-size: 90%;
    line-height: 1.42857143;
    color: #000;
    word-break: break-all;
    word-wrap: break-word;
    background-color: #F5F7F8;
    border: 1px solid #DCDEDF;
    border-radius: 4px;
    /* portal overrides */
    border-radius: 0;
    background-color: #F1F2F3;
    border-color: #bfbfbf;
}

code {
    padding: 2px 4px;
    font-size: 90%;
    color: #FF454F;
    background-color: #f9f2f4;
    border-radius: 4px;
}

table {
    width: 100%;
    border-collapse: collapse;
    border-spacing: 0;
}

    table tr td {
        vertical-align: top;
    }

    /* tables */
    table.table {
        margin-bottom: 10px;
        table-layout: fixed;
        width: 100%;
    }

        table.table > caption {
            font-size: 1.1em;
            font-weight: bold;
        }

        table.table > thead > tr > th,
        table.table > thead > tr > td,
        table.table > tbody > tr > th,
        table.table > tbody > tr > td,
        table.table > tfoot > tr > th,
        table.table > tfoot > tr > td {
            vertical-align: middle;
            padding: 4px;
            white-space: nowrap;
            overflow: hidden;
            text-overflow: ellipsis;
        }

            table.table > thead > tr > th.allow-wrap,
            table.table > thead > tr > td.allow-wrap,
            table.table > tbody > tr > th.allow-wrap,
            table.table > tbody > tr > td.allow-wrap,
            table.table > tfoot > tr > th.allow-wrap,
            table.table > tfoot > tr > td.allow-wrap {
                white-space: normal;
            }

        table.table > thead {
        }

            table.table > thead > tr {
                background-color: #0079EF;
                color: #fff;
            }

                table.table > thead > tr > th {
                }

                    table.table > thead > tr > th.bg-white {
                        background-color: #fff;
                        color: Black;
                    }

                table.table > thead > tr:not(:first-child) {
                    background-color: #bfbfbf;
                }

        table.table > tfoot {
            border-top: 1px solid #0079EF;
        }

            table.table > tfoot > tr {
                background-color: #fff;
                color: #000;
            }

    table.table-striped {
    }

        table.table-striped > tbody {
        }

            table.table-striped > tbody > tr {
                background-color: #fff;
            }

                table.table-striped > tbody > tr:nth-child(odd) {
                    background-color: #F1F2F3;
                }

    table.table-wrapped {
    }

        table.table-wrapped > tbody {
        }

            table.table-wrapped > tbody > tr {
            }

                table.table-wrapped > tbody > tr > td {
                    white-space: normal;
                    vertical-align: top;
                }

    table.table-condensed {
    }

        table.table-condensed > thead > tr > th,
        table.table-condensed > thead > tr > td,
        table.table-condensed > tbody > tr > th,
        table.table-condensed > tbody > tr > td {
            padding: 2px;
        }

/* grid system */
.container {
    padding-right: 15px;
    padding-left: 15px;
    margin-right: auto;
    margin-left: auto;
}

    .container:before,
    .container:after {
        display: table;
        content: " ";
    }

    .container:after {
        clear: both;
    }

    .container .row {
        margin-right: -15px;
        margin-left: -15px;
    }

        .container .row:before,
        .container .row:after {
            display: table;
            content: " ";
        }

        .container .row:after {
            clear: both;
        }

        .container .row .col-3,
        .container .row .col-4,
        .container .row .col-6,
        .container .row .col-12 {
            position: relative;
            min-height: 1px;
            padding-left: 5px;
            padding-right: 5px;
            float: left;
        }

        .container .row .col-3 {
            width: 25%;
        }

        .container .row .col-4 {
            width: 33.33333333%;
        }

        .container .row .col-6 {
            width: 50%;
        }

        .container .row .col-12 {
            width: 100%;
        }

/* box-sizing workaround; remove once box-sizing is applied at the root element */
.container {
    box-sizing: border-box;
}

    .container .row {
        box-sizing: border-box;
    }

        .container .row .col-3,
        .container .row .col-4,
        .container .row .col-6,
        .container .row .col-12 {
            box-sizing: border-box;
        }

.block-header {
    padding: 4px;
}

/* typography */
.text-primary {
    color: #0079EF;
}

.text-severity-critical {
    color: #e11f26;
}

.text-severity-high {
    color: #f26527;
}

.text-severity-medium {
    color: #f99c1c;
}

.text-severity-low {
    color: #fccc0a;
}

.text-severity-info {
    color: #d7df23;
}

.text-severity-bestpractice {
    color: #d7df23;
}

.text-muted {
    color: #BDBEC0;
}

.bg-primary {
    background-color: #0079EF;
    color: #fff;
}

.bg-gray {
    background-color: #bfbfbf;
    color: #fff;
}

.bg-severity-critical {
    background-color: #e11f26;
    color: #fff;
}

.bg-severity-high {
    background-color: #f26527;
    color: #fff;
}

.bg-severity-medium {
    background-color: #f99c1c;
    color: #fff;
}

.bg-severity-low {
    background-color: #fccc0a;
    color: #fff;
}

.bg-severity-info {
    background-color: #d7df23;
    color: #000;
}

.bg-severity-bestpractice {
    background-color: #d7df23;
    color: #000;
}

.text-left {
    text-align: left;
}

.text-center {
    text-align: center;
}

.text-right {
    text-align: right;
}

.list-unstyled {
    padding-left: 0;
    list-style: none;
}

.small {
    font-size: 85%;
}

.pull-left {
    float: left !important;
}

.pull-right {
    float: right !important;
}

table.summary {
    width: 420px;
}

    table.summary tr {
    }

        table.summary tr td {
            padding: 3px;
        }

table.issue-detail-instances {
}

    table.issue-detail-instances tbody tr.audit-data > td {
        padding: 6px 20px;
    }

.clearfix {
}

    .clearfix:before,
    .clearfix:after {
        content: ' ';
        display: table;
    }

    .clearfix:after {
        clear: both;
    }

.chart {
    border: 2px solid #656668;
    margin: 0 0 8px;
    padding: 10px;
    text-align: center;
}

    .chart h4 {
        text-align: center;
        margin-top: 0;
    }

    .chart table {
        text-align: center;
    }

.fortify-security-rating {
    width: 280px;
    padding: 0;
}

    .fortify-security-rating h4 {
        margin: 4px 0;
    }

    .fortify-security-rating .scan-types {
        display: table;
        table-layout: fixed;
        width: 100%;
        border-top: 2px solid #656668;
        margin-top: 4px;
    }

        .fortify-security-rating .scan-types div {
            display: table-cell;
            width: 50%;
            text-align: left;
            vertical-align: middle;
            padding: 4px 2px;
            height: 24px;
            line-height: 24px;
        }

            .fortify-security-rating .scan-types div:not(:last-child) {
                border-right: 2px solid #656668;
            }

            .fortify-security-rating .scan-types div:only-child {
                padding: 4px 90px;
            }

            .fortify-security-rating .scan-types div img {
                width: 24px;
                height: 24px;
                vertical-align: middle;
                float: right;
                padding: 0 4px;
            }

            .fortify-security-rating .scan-types div:after {
                content: '';
                clear: both;
            }

.static-file-listing {
}

    .static-file-listing thead tr th:nth-child(1) {
        width: 60%;
    }

    .static-file-listing thead td th:nth-child(2),
    .static-file-listing thead td th:nth-child(3) {
        width: 20%;
        text-align: right;
    }

    .static-file-listing tbody tr td:nth-last-child(2),
    .static-file-listing tbody tr td:nth-child(3) {
        text-align: right;
    }

.appendix-security-rating {
}

    .appendix-security-rating thead tr th:nth-child(1) {
        width: 20%;
    }

    .appendix-security-rating thead tr th:nth-child(2) {
        width: 80%;
    }

    .appendix-security-rating tbody tr td {
        height: 60px;
        white-space: normal;
    }

        .appendix-security-rating tbody tr td:first-child {
            background-color: #fff;
            text-align: center;
        }

        .appendix-security-rating tbody tr td:nth-child(2) {
            white-space: normal;
        }

/* syntax highlighting */
.syntax {
    font-family: monospace;
    font-size: 85%;
    margin-bottom: 20px;
}

    .syntax .default {
        color: #000000;
    }

    .syntax .AttackSelection {
        background-color: #B21646;
        color: #FFFFFF;
    }

    .syntax .HeaderName {
        color: #FF454F;
    }

    .syntax .HeaderValue {
        color: #014272;
    }

    .syntax .Comment {
        color: #5BBA36;
    }

    .syntax .Text {
        color: #000;
    }

    .syntax .ElementName {
        color: #B21646;
    }

    .syntax .AttrName {
        color: #FF454F;
    }

    .syntax .AttrValue {
        color: #271782;
    }

    .syntax .JSKeyword {
        color: #014272;
    }

    .syntax .JSComment {
        color: #5BBA36;
    }

    .syntax .StartAtLine {
        color: #E57828;
        font-weight: bold;
        font-family: Metric, Verdana, Helvetica, Arial, sans-serif;
    }

.analysis {
    display: table;
    table-layout: fixed;
    width: 100%;
}

    .analysis .analysis-trace {
        display: table-cell;
        width: 35%;
    }

        .analysis .analysis-trace ul {
            font-size: 85%;
        }

            .analysis .analysis-trace ul li {
                overflow: hidden;
                text-overflow: ellipsis;
                white-space: nowrap;
                padding: 1px 0;
            }

                .analysis .analysis-trace ul li img {
                    vertical-align: middle;
                    width: 16px;
                    height: 16px;
                }

                    .analysis .analysis-trace ul li img[src=""] {
                        visibility: hidden;
                    }

                .analysis .analysis-trace ul li span {
                }

    .analysis .analysis-source {
        display: table-cell;
        width: 65%;
        padding-left: 10px;
    }

        .analysis .analysis-source pre {
            font-size: 85%;
        }

    .analysis .analysis-diagram {
        display: table-cell;
        width: 100%;
    }

        .analysis .analysis-diagram .analysis-diagram-container {
            font-size: 80%;
            display: table;
            margin: 0 auto;
        }

            .analysis .analysis-diagram .analysis-diagram-container .column {
                display: table-cell;
                vertical-align: top;
                /*width: 200px;*/
                position: relative;
            }

                .analysis .analysis-diagram .analysis-diagram-container .column .line {
                    position: absolute;
                    left: 50%;
                    height: 100%;
                    border: 1px dashed #000;
                    z-index: 10;
                }

                .analysis .analysis-diagram .analysis-diagram-container .column:not(:first-child) {
                    padding-left: 15px;
                }

                .analysis .analysis-diagram .analysis-diagram-container .column .entry {
                    background-color: #fff;
                    text-align: center;
                    padding: 0 8px;
                    height: 28px;
                    line-height: 28px;
                    white-space: nowrap;
                    text-overflow: ellipsis;
                    overflow: hidden;
                    border: 1px solid #000;
                    position: relative;
                    z-index: 30;
                }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry img {
                        position: absolute;
                        top: 6px;
                        left: 5px;
                        width: 16px;
                        height: 16px;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry.entry-header {
                        background-color: #BDBEC0;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry.entry-source {
                        background-color: rgb(213,216,251);
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .entry.entry-sink {
                        background-color: rgb(239,154,151);
                    }

                .analysis .analysis-diagram .analysis-diagram-container .column .child-context {
                    width: 10px;
                    border: 1px solid #000;
                    background-color: #fff;
                    left: 50%;
                    margin-left: -5px;
                    position: absolute;
                    z-index: 30;
                }

                .analysis .analysis-diagram .analysis-diagram-container .column .arrow {
                    z-index: 20;
                    margin-top: -16px;
                    height: 0px;
                    border: 1px solid #000;
                    position: absolute;
                }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-after-source {
                        border-color: #e11f26;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-left {
                        margin-right: 50%;
                        right: 0;
                    }

                        .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-left::before {
                            height: 0;
                            width: 0;
                            border-top: 5px solid transparent;
                            border-bottom: 5px solid transparent;
                            border-right: 10px solid #000;
                            content: '';
                            position: absolute;
                            left: 0;
                            margin-top: -5px;
                            margin-left: -3px;
                        }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-after-source.arrow-left::before {
                        border-right-color: #e11f26;
                    }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-right {
                        margin-left: 50%;
                        left: 0;
                    }

                        .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-right::after {
                            height: 0;
                            width: 0;
                            border-top: 5px solid transparent;
                            border-bottom: 5px solid transparent;
                            border-left: 10px solid #000;
                            content: '';
                            position: absolute;
                            right: 0;
                            margin-top: -5px;
                            margin-right: -3px;
                        }

                    .analysis .analysis-diagram .analysis-diagram-container .column .arrow.arrow-after-source.arrow-right::after {
                        border-left-color: #e11f26;
                    }

.page-footer {
    display: none;
}

.application-monitoring-empty-table {
    text-align: center;
    padding: 8px;
    border: solid 1px #000;
    border-collapse: collapse;
}

.rule-details {
}

    .rule-details br:first-child {
        display: none;
    }

    </style>
    <style type='text/css' media='print'>
body {
    width: 720px;
    padding: 0;
}

table.table thead tr,
table.table tbody tr,
table.table tfoot tr {
    page-break-inside: avoid;
}

    table.table thead tr.allow-break,
    table.table tbody tr.allow-break,
    table.table tfoot tr.allow-break {
        page-break-inside: auto;
    }

pre {
    page-break-inside: avoid;
}

img {
    page-break-inside: avoid;
}

.page-footer {
    display: block;
    text-align: center;
    font-size: 90%;
    color: #BDBEC0;
    position: fixed;
    bottom: 0;
}

.page-break {
    page-break-after: always;
}

    .page-break:last-of-type {
        page-break-after: avoid;
    }

    </style>
  </head>
  <body>
<div class="pull-right">
        <img src="" height="64" />
</div>
<div class="clearfix"></div>

<div style="padding-top: 240px;">&nbsp;</div>

<h1>
    Fortify on Demand<br />
    Security Review
</h1>
<span id="title-page" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="1. Title Page"></span>

<table class="summary">
    <tr>
        <td>Tenant:</td>
        <td>Nestle</td>
    </tr>
    <tr>
        <td>Application:</td>
        <td>Nestle Waters - China</td>
    </tr>
    <tr>
        <td>Release:</td>
        <td>www.nestle-waters.cn</td>
    </tr>
    <tr>
        <td>Latest Analysis:</td>
        <td>2018/02/03 12:24:29 PM</td>
    </tr>
    <tr>
        <td>Latest Assessment Type:</td>
        <td>Basic Dynamic Assessment </td>
    </tr>
</table>

<div style="padding-top: 120px;">&nbsp;</div>

<div class="page-break"></div>
<h2>Executive Summary</h2>
<span id="executive-summary" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="2. Executive Summary"></span>

<div style="position: relative;">
    <table class="summary">
        <tr>
            <td>Tenant:</td>
            <td>Nestle</td>
        </tr>
        <tr>
            <td>Application:</td>
            <td>Nestle Waters - China</td>
        </tr>
        <tr>
            <td>Release:</td>
            <td>www.nestle-waters.cn</td>
        </tr>
        <tr>
            <td>Business Criticality:</td>
            <td>Low</td>
        </tr>
        <tr>
            <td>SDLC Status:</td>
            <td>Production</td>
        </tr>
        <tr>
            <td>Static Analysis Date:</td>
            <td>---</td>
        </tr>
            <tr>
                <td>Dynamic Analysis Date:</td>
                <td>2018/02/03</td>
            </tr>
    </table>

    <div style="position: absolute; top: 0; right: 0;">
        <div class="chart fortify-security-rating">
    <h4>Fortify on Demand Security Rating</h4>
    <div class="text-center">
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
                <img src="" height="32" width="32" />
    </div>
    <div class="small">
        <table>
            <tr>
                <td>8 issues</td>
                <td>Status: Fail</td>
            </tr>
        </table>
    </div>
    <div class="scan-types">
        <div>
            Static:
                    <img src="" />

        </div>
            <div>
                Dynamic:
                        <img src="" />

            </div>
    </div>
</div>


    </div>
</div>

<div class="clearfix"></div>

    <table class="table table-striped table-condensed">
        <caption>Application Details</caption>
            <tr>
                    <td>Enrolment Type: Basic Web Apps</td>
                    <td>Asset Status: Sustain</td>
            </tr>
            <tr>
                    <td>Country or Region: CN</td>
                    <td>DigiPI ID: 1200</td>
            </tr>
            <tr>
                    <td>MSCI Region: Greater China Region</td>
                    <td>Scheduled Scan Week: M</td>
            </tr>
    </table>

<div class="container">
    <div class="row">
        <div class="col-6">
            <div class="chart" style="height: 220px;">
                <h4>Risk Totals by Severity</h4>
                
                <img src="" height="198" width="266" style="margin-left: -40px;" />
            </div>
            <div class="chart" style="height: 280px;">
                <h4>Most Prevalent Issues by Category</h4>
                <img src="" height="258" width="325" />
            </div>
        </div>
        <div class="col-6">
            <div class="chart" style="height: 85px;">
                <h4>Issue Status</h4>
                <table class="table table-striped table-condensed">
                    <thead>
                        <tr>
                            <th>New</th>
                            <th>Existing</th>
                            <th>Reopened</th>
                        </tr>
                    </thead>
                    <tbody>
                        <tr>
                            <td>7</td>
                            <td>1</td>
                            <td>0</td>
                        </tr>
                    </tbody>
                </table>
            </div>
            <div class="chart" style="height: 103px;">
                <h4>Assignment Status</h4>
                <img src="" height="80" width="325" />
            </div>
            <div class="chart" style="height: 125px;">
                <h4>Developer Status</h4>
                <img src="" height="100" width="325" />
            </div>
            <div class="chart" style="height: 124px;">
                <h4>Auditor Status</h4>
                <img src="" height="100" width="325" />
            </div>
        </div>
    </div>
</div>

<div class="page-break"></div>
<h2>Issue Breakdown</h2>
<span id="issue-breakdown" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="3. Issue Breakdown"></span>

<p>Issues are divided based on their impact (potential damage) and likelihood (probability of identification and exploit).</p>
<p>High impact / high likelihood issues represent the highest priority and present the greatest threat.</p>
<p>Low impact / low likelihood issues are the lowest priority and present the smallest threat.</p>
<p>See Appendix for more information.</p>

<table class="table table-striped text-center">
    <thead>
        <tr>
            <th style="width: 12%;">Rating</th>
            <th style="width: 64%;">Category</th>
            <th style="width: 12%;">Test Type</th>
            <th style="width: 12%;"></th>
        </tr>
    </thead>
    <tbody>
            <tr>
                <td class="bg-severity-critical">Critical</td>
                <td>
                        <a href="#InsecureTransportInsufficientDiffieHellmanStrength">Insecure Transport: Insufficient Diffie Hellman Strength</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-medium">Medium</td>
                <td>
                        <a href="#OftenMisusedWeakSSLCertificate">Often Misused: Weak SSL Certificate</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureDeploymentUnpatchedApplication">Insecure Deployment: Unpatched Application</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureTransportHSTSnotSet">Insecure Transport: HSTS not Set</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureTransportWeakSSLCipher">Insecure Transport: Weak SSL Cipher</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#InsecureTransportWeakSSLProtocol">Insecure Transport: Weak SSL Protocol</a>
                </td>
                <td>Dynamic</td>
                <td>2</td>
            </tr>
            <tr>
                <td class="bg-severity-low">Low</td>
                <td>
                        <a href="#SystemInformationLeakExternal">System Information Leak: External</a>
                </td>
                <td>Dynamic</td>
                <td>1</td>
            </tr>
    </tbody>
</table>

    <p>Vulnerabilities in your applications may take some time to remediate, test and move to production. In the meantime, we suggest HPE Application Defender to virtually patch these vulnerabilities. App Defender is installed from the cloud and begins monitoring and protecting your applications in minutes. A free trial is available at www.hpeapplicationdefender.com. The team is ready to help you. Give it a try or contact us at hpeappdefender@hpe.com.</p>

<div class="page-break"></div>
<h2>Issue Breakdown by Analysis Type</h2>
<span id="analysis-type-issue-breakdown" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="4. Issue Breakdown by Analysis Type"></span>

<p>Issues are divided based on their impact (potential damage) and likelihood (probability of identification and exploit).</p>
<p>High impact / high likelihood issues represent the highest priority and present the greatest threat.</p>
<p>Low impact / low likelihood issues are the lowest priority and present the smallest threat.</p>
<p>See Appendix for more information.</p>

<table class="table table-striped">
    <thead>
        <tr>
            <th style="width: 70%;">Category</th>
            <th style="width: 10%;">Static</th>
            <th style="width: 10%;">Dynamic</th>
                <th style="width: 10%;">Network</th>
        </tr>
    </thead>
    <tbody>
            <tr>
                <td>Insecure Deployment: Unpatched Application</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: HSTS not Set</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: Insufficient Diffie Hellman Strength</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: Weak SSL Cipher</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Insecure Transport: Weak SSL Protocol</td>
                <td class="text-center">0</td>
                <td class="text-center">2</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>Often Misused: Weak SSL Certificate</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
            <tr>
                <td>System Information Leak: External</td>
                <td class="text-center">0</td>
                <td class="text-center">1</td>
                    <td class="text-center">0</td>
            </tr>
    </tbody>
    <tfoot>
        <tr>
            <td>Total</td>
            <td class="text-center">0</td>
            <td class="text-center">8</td>
                <td class="text-center">0</td>
        </tr>
    </tfoot>
</table>

<div class="page-break"></div>


<h2>Issue Detail</h2>
<span id="auditor-issue-detail" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="5. Issue Detail (Extended)"></span>

<p>Below is an enumeration of all issues found in the project. The issues are organized by priority and category and then broken down by the package, namespace, or location in which they occur.</p>
<p>The priority of an issue can be Critical, High, Medium, or Low.</p>
<p>Issues from static analysis reported on at same line number with the same category originate from different taint sources.</p>

    <h3>
            <a name="InsecureTransportInsufficientDiffieHellmanStrength"></a>
        <span>5.1.1</span>
        <span>Insecure Transport: Insufficient Diffie Hellman Strength</span>
        <span class="pull-right text-severity-critical">Critical</span>

    </h3>
    <div>CWE-327</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.0: </div>
    <h4>Summary</h4>
    <div class="rule-details"><br />Using Diffie Hellman group with prime (<i>p</i> or small prime) of size 1024-bit or less, leaves the server vulnerable to man-in-the middle attack (MitM).<br /><br />Diffie-Hellman key exchange algorithm uses fixed primes as a base for computing the secret key used to secure the communication channel.  The size of the small prime <i>p</i> deployed dictates the security level of the generated key. This in turn defines the effective security provided by the Diffie-Helman key exchange algorithm.   Research indicates that Diffie-Hellman group using prime size of 1024-bit provides only about 77-80 bits of security. Communication channels that are secured using this key are vulnerable to man-in-the-middle attack.  All anonymous, ephermeral and fixed Diffie-Hellman key exchange algorithms <b>except</b> for Elliptical-Curve Diffie-Hellman (ECDHE) key exchange are vulnerable to this attack.<br /><br />

WebInspect has detected the target server using Diffie-Hellman small prime <i>p</i> of size <b>1024</b> bits  in ciphersuite:<br /><b>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)</b>. <br /><br />  The server may thus be vulnerable to eavesdropping and/or man-in-the-middle attacks. <br /></div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />Using Diffie Hellman group with prime (<i>p</i> or small prime) of size 1024-bit or less, leaves the server vulnerable to man-in-the middle attack (MitM).</div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br /><ul><li>Disable the use of export cipher suites.</li><li>Ensure that the servers use strong Diffie Hellman group with prime of size 2048-bit or more.</li><li>Reject any connections that accept Diffie-Hellman primes smaller than 1024-bit.</li><li>Deploy Elliptic-Curve Diffie-Hellman (ECDHE) key exchange.</li></ul></div>
        <h4>References</h4>
        <div class="rule-details"><br /><a href="http://dl.acm.org/citation.cfm?id=2813707">Imperfect Forward Secrecy: How Difﬁe-Hellman Fails in Practice </a><br /><br /></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: Insufficient Diffie Hellman Strength</span>
        <span class="pull-right text-severity-critical">Critical</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#0336effea76b458abd1ad123ecb10a1d">ID 46409650</a>  - https:​/​/www​.nestle-waters​.cn:443​/Content​/js​/jquery-ui-datepicker​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="OftenMisusedWeakSSLCertificate"></a>
        <span>5.2.1</span>
        <span>Often Misused: Weak SSL Certificate</span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
    <div>CWE-296</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.0: </div>
    <h4>Summary</h4>
    <div class="rule-details"><br />WebInspect has identified a self-signed certificate served from the target server. Server certificates declare the public key of the server for use in transport layer security. Trusted third-party vendors known as Certificate Authority (CA) sign and issue the certificates to ensure that they are authentic and contain the public key of the intended server. The public key of the root CA is embedded in the operating system (OS) by the vendor (e.g., in Windows by Microsoft or in Mac OS by Apple). Upon receipt of a certificate, the client (e.g., a web browser) verifies the identity with the OS’s embedded trusted CA. In case of a self-signed certificate, the certificate is signed using its own private key, hence losing the ability for a client to verify its identity with a trusted CA. Since there is no third-party verification possible, an attacker can mount a man-in-the-middle impersonation attack by issuing a certificate with fake details and a public key that he controls.  
<br /><br />
The client generates a security warning for a self-signed certificate, which a user can override. Users can inspect the certificate before allowing it to be trusted. However, a legitimate self-signed certificate from the intended site can encourage an insecure practice of overriding self-signed certificate warnings without inspecting details, which in turn can make users more susceptible to impersonation attacks.</div>
        <h4>Explanation</h4>
        <div class="rule-details">An attacker can perform a successful man-in-the-middle attack, luring users to communicate with fake sites and in turn compromising secrecy and integrity of sensitive data. Further, since there is no third-party verification for self-signed certificates, revoking a compromised certificate could be difficult. A security issue such as Heartbleed could require servers to revoke their certificates to ensure effectiveness of bug remediation.</div>
        <h4>Execution</h4>
        <div class="rule-details">Browse to https://www.nestle-waters.cn:443/Content/js/slider.js. Inspect the signing authority of the certificate.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Replace self-signed certificate with a certificate authority (CA) signed certificate Production environment should not deploy self-signed certificates.</div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>OWASP:</b><br /><a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a><br /><br /><b>Research:</b><br /><a href="https://www.thawte.com/assets/documents/whitepaper/hidden-costs-self-signed-ssl-certificates.pdf">Hidden costs of self-signed-ssl-certificates</a><br /></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Often Misused: Weak SSL Certificate</span>
        <span class="pull-right text-severity-medium">Medium</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#0aa784393424495b8bec8f36600a2c7f">ID 46409646</a>  - https:​/​/www​.nestle-waters​.cn:443​/Content​/js​/slider​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureDeploymentUnpatchedApplication"></a>
        <span>5.3.1</span>
        <span>Insecure Deployment: Unpatched Application</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-713, CWE-200</div>
    <div>OWASP Top 10: A1, A9</div>
    <div>PCI 3.0: 6.2 Ensure all system components and software are protected from known vulnerabilities</div>
    <h4>Summary</h4>
    <div class="rule-details">WebInspect detected the use of an ActiveX object. This could indicate a vulnerability is present if a vulnerable public version of the Microsoft Active Template was utilized. There are three vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. Applications and components created with these versions of ATL are vulnerable to remote code execution and information disclosure attacks.  Visual Studio itself is not vulnerable to these issues. In these three vulnerabilities, ATL processes data incorrectly which can lead to memory corruption, information disclosure, and instantiation of objects without regard to security policy. After Visual Studio is patched, it will no longer create applications and components with these vulnerabilities. However, applications and components compiled using the vulnerable version of ATL need to be rebuilt with the safe version released by Microsoft. Recommendations include applying any relevant service pack or patch as listed in the Fix section, then recompiling and redistrubiting any software created prior to the update. If you have already applied the proper fix, then this vulnerability can safely be ignored.</div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />Any application compiled using the vulnerable active template could be subject to code execution and information disclosure vulnerabilities.</div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br />Apply the appropriate fix via Microsoft Update or directly from Microsoft at the locations listed below. Be aware that developers must recompile any software created prior to this update and redistribute it to users. Otherwise, such software could still be vulnerable. If you have already applied the proper fix, then this vulnerability can safely be ignored.

<br /><br />
Microsoft Visual Studio .NET 2003 Service Pack 1 <br /><a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c-44e3-89fb-eb23c2e2154e">http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c-44e3-89fb-eb23c2e2154e</a><br /><br />

Microsoft Visual Studio 2005 Service Pack 1 <br /><a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2-4538-a90d-ff9464dc0197">http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2-4538-a90d-ff9464dc0197</a><br /><br />

Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools <br /><a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6-4c5e-b72c-0edfa35f4fc2">http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6-4c5e-b72c-0edfa35f4fc2</a><br /><br />

Microsoft Visual Studio 2008 <br /><a href="http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c">http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c</a><br /><br />

Microsoft Visual Studio 2008 Service Pack 1 <br /><a href="http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb">http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb</a><br /><br />

Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package <br /><a href="http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2">http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2</a><br /><br />

Microsoft Visual C++ 2008 Redistributable Package <br /><a href="http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93">http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93</a><br /><br />

Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package <br /><a href="http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c">http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c</a></div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>Microsoft:</b><br /><a href="http://msdn.microsoft.com/en-us/ee309358.aspx">Active Template Library Security Update for Developers
</a><br /><a href="http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx">Microsoft Security Bulletin MS09-035</a><br /><br /><b>CVE:</b><br /><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901">CVE-2009-0901</a><br /><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493">CVE-2009-2493</a><br /><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2495">CVE-2009-2495</a><br /><br /></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Deployment: Unpatched Application</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#f0afaf86ed444236a8b437b0221396d2">ID 40959854</a>  - https:​/​/www​.nestle-waters​.cn:443​/content​/game​/index​.html</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureTransportHSTSnotSet"></a>
        <span>5.3.2</span>
        <span>Insecure Transport: HSTS not Set</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-319</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.0: </div>
    <h4>Summary</h4>
    <div class="rule-details"><br />Http Strict Transport Security  (HSTS) policy enables web applications to enforce web browsers to restrict communication with the server over an encrypted SSL/TLS connection for a set period. Policy is declared via special Strict Transport Security response header. Encrypted connection protects sensitive user and session data from attackers eavesdropping on network connection. 
<br /> 
Consider following attack scenarios:
<br /><ul><li>Users often omit the URI scheme i.e. https:// when typing a URL in location bar to access a website. Also third party websites can link to the site using the “http” scheme instead of "”https”. This could result in an initial connection to a HTTPS-enabled site over an unencrypted channel. An eavesdropping attacker can hijack this unencrypted connection and replace the intended use of HTTPS protocol with HTTP in an attack known as SSLStrip, granting unauthorized access to all subsequent traffic. </li><li>Websites often transfer non-sensitive resources such as help documents over an unencrypted HTTP connection. Any cookies without a secure flag are sent along with such requests potentially disclosing sensitive user and session data to eavesdropper.</li><li>Man-in-the-Middle attacks that exploit user tendencies to override invalid certification warnings, e.g. SSLSniff. </li></ul><br />
For web sites configured with an accurate HSTS policy, browsers automatically upgrade any HTTP connections to HTTPS. Furthermore, browsers prevent users from overriding any host certificate warnings. HSTS offers an effective defense against above attack scenarios.</div>
        <h4>Explanation</h4>
        <div class="rule-details">A successful MiTM attack such as SSLStrip or SSLsniff can lead to the compromise of sensitive user data such as financial information, Social Security Number, personal information etc. as well as grant unauthorized access to user accounts enabling attackers to perform privileged actions on client’s behalf.</div>
        <h4>Execution</h4>
        <div class="rule-details">Access location https://www.nestle-waters.cn:443/Content/js/slider.js and notice the absence of the  Strict Transport Security header in the HTTP response.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Configure the web application under test to include Strict Transport Security header in every response generated by an HTTPS-enabled site. Any HTTP version of site on the same domain should permanently redirect to the secure encrypted site. Header should not be added to HTTP response as browsers will ignore it.
<br /><br />
It is important to note that this header does not prevent from above mentioned attack scenarios during the very first connection to the site or any connections established after the set period has expired. To prevent such a scenario, the site must be added to the pre-loaded HSTS hosts list embedded in both Google Chrome and Mozilla Firefox browsers.</div>
        <h4>References</h4>
        <div class="rule-details"><br /><a href="http://tools.ietf.org/html/rfc6797">http://tools.ietf.org/html/rfc6797</a></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: HSTS not Set</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#a39ac2a58bf14818805a885a3903e698">ID 46409644</a>  - https:​/​/www​.nestle-waters​.cn:443​/Content​/js​/slider​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureTransportWeakSSLCipher"></a>
        <span>5.3.3</span>
        <span>Insecure Transport: Weak SSL Cipher</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-327, CWE-326, CWE-319</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.0: 4.1 Use strong cryptography and security protocols, 6.5.4 Insecure Communications</div>
    <h4>Summary</h4>
    <div class="rule-details">WebInspect has detected support for weak TLS/SSL ciphers on server <b>https://www.nestle-waters.cn:443/</b> .
<br /><br />
The Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols provide a mechanism to help protect authenticity, confidentiality and integrity of the data transmitted between a client and web server. The strength of this protection mechanism is determined by the authentication, encryption and hashing algorithms, collectively known as a cipher suite, chosen for the transmission of sensitive information over the TLS/SSL channel. Most Web servers support a range of such cipher suites of varying strengths. Using a weak cipher or an encryption key of insufficient length, for example, could allow an attacker to defeat the protection mechanism and steal or modify sensitive information. 
<br /><br />
If misconfigured, a web server could be manipulated into choosing weak cipher suites. Recommendations include updating the web server configuration to always choose the strongest ciphers for encryption.</div>
        <h4>Explanation</h4>
        <div class="rule-details">A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current methods and resources. An attacker may be able to execute a man-in-the-middle attack which would allow them to intercept, monitor and tamper with sensitive data.</div>
        <h4>Execution</h4>
        <div class="rule-details"><br />Each weak cipher was enumerated by establishing an SSL connection with the target host and specifying the cipher to test in the Client Hello message of the SSL handshake.</div>
        <h4>Recommendation</h4>
        <div class="rule-details">Disable support for weak ciphers on the server. Weak ciphers are generally defined as:
<ul><li>Any cipher with key length less than 128 bits</li><li>Export-class cipher suites</li><li>NULL ciphers</li><li>Ciphers that support unauthenticated modes</li><li>Ciphers assessed at security strenghts below 112 bits</li><li>All RC4 ciphers</li><li>All 64-bit block ciphers</li></ul>
 
The following ciphers supported by the server are weak and should be disabled:<br /><b><ul><li>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)</li><li>TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)</li><li>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)</li></ul></b><br /><br />The weak cipher list above also includes ciphers that enable conditions for SWEET32 cipher attacks.  The vulnerability affects all 64-bit block ciphers such as 3DES and Blowfish.  The vulnerability is independent of the number of keys and/or the key length used in the cipher.  It could allow attackers to obtain cleartext data from long-lived encrypted sessions.  The vulnerability is identified by CVE-2016-2183 and CVE-2016-6329. <br/><br/>The following 64-bit block ciphers should be removed from the target server configuration to prevent SWEET32 attacks:<br/> <b><ul><li>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)</li><li>TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)</li><li>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)</li></ul></b><br/><ul><li>For Apache, modify the following lines in httpd.conf or ssl.conf:</li><ul><li>SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!NULL:!RC4:!RC2:!DES:!3DES+HIGH:+MEDIUM</li></ul><li>For IIS, please refer to Microsoft Knowledge Base Articles:</li><ul><li>Article ID: 187498</li><li>Article ID: 245030 and</li><li>Security Guidance for IIS</li><li>Article ID: 2868725</li></ul><li>For other servers, please refer to vendor specific documentation.</li></ul><br />
The following ciphers supported by the server should provide adequate protection and may be left enabled:<br /><b><ul><li>TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)</li><li>TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)</li><li>TLS_RSA_WITH_AES_256_CBC_SHA (0x35)</li><li>TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)</li><li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)</li><li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)</li><li>TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)</li><li>TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)</li><li>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)</li><li>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)</li><li>TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)</li><li>TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)</li><li>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)</li><li>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)</li><li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)</li><li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)</li></ul></b></div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>OWASP:</b><br /><a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a><br /><br /><b>PCI Security Standards Council:</b><br /><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">PCI DSS v3.1</a><br /><br /><b>CVE</b><br /><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566f">CVE-2013-2566</a><br /><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183">CVE-2016-2183</a><br /><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6329">CVE-2016-6329</a><br /><br /><b>NIST</b><br /><a href="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf">NIST Special Publication 800-131A</a><br /><br /><b>Microsoft:</b><br /><a href="https://support.microsoft.com/en-us/kb/2868725">Knowledge Base Article ID: 2868725</a><br /><a href="http://support.microsoft.com/kb/187498">Knowledge Base Article ID: 187498</a><br /><a href="http://support.microsoft.com/kb/245030/">Knowledge Base Article ID: 245030</a><br /><a href="http://technet.microsoft.com/en-us/library/dd450371%28WS.10%29.aspx">Security Guidance for IIS</a><br /><br /><b>Apache:</b><br /><a href="http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html">SSL/TLS Strong Encryption: FAQ</a><br /><br /><b>RC4:</b><br /><a href="https://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html">New RC4 Attack</a><br /><br /><b>ACM CCS '16</b><br /><a href="http://dl.acm.org/citation.cfm?id=2978423">On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN</a></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: Weak SSL Cipher</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#26c872540bb747c08c07bdbf5b3246f1">ID 46409647</a>  - https:​/​/www​.nestle-waters​.cn:443​/Content​/js​/jquery-ui-datepicker​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="InsecureTransportWeakSSLProtocol"></a>
        <span>5.3.4</span>
        <span>Insecure Transport: Weak SSL Protocol</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-327</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.0: </div>
    <h4>Summary</h4>
    <div class="rule-details"><br />
The Transport Layer Security (TLS) protocol provides a protection mechanism to better protect authenticity, confidentiality and integrity of the data transmitted between a client and a web server.  The TLS protocol has undergone various revisions resulting in periodic version updates. Each revision tries to address security weakness in prior versions and incorporate support for the latest in security measures.  It is strongly recommended to use the latest version of the available protocol, whenever possible. 
<br /><br />
TLS 1.0 is considered insecure as it lacks support for strong ciphersuites and is known to be plagued by several known vulnerabilities.  It either uses RC4 cipher, which is prone to bias attacks or uses Cipher Block Chaining (CBC) mode cipher, which enables condition for POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks. 
<br /><br />
NIST Special Publication 800-52 Revision 1 no longer considers TLS 1.0 as strong cryptography.  TLS 1.0 is also no longer in compliance with PCI DSS v3.1 requirements.  PCI does not consider TLS 1.0 to be adequate to protect cardholder data and has deprecated its use starting June 2016.

<br /><b>Update: PCI DSS has extended deadline for migration to TLS1.1 or above to June 30, 2018. However, an early migration is recommended  to ensure security of your data and applications.</b><br /><br /><i>WebInspect has detected conditions that could enable POODLE on the target server.  The vulnerability is implementation dependent. It affects connections using certain TLS implementations that don't properly check the structure of the padding used in TLS packets. This could allow sensitive data transmitted on TLS connection to be leaked to a malicious user. The attack is identified by CVE-2014-8730.</i><br />
Use of insecure protocol versions will weaken the strength of the transport protection and could allow an attacker to compromise, steal or modify sensitive information. Configuring the web server to use the most secure protocol, TLS 1.1 or TLS 1.2 is highly recommended.
<br /></div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />Use of a weak protocol such as TLS 1.0 leaves the connection vulnerable to man-in-the-middle attacks.  This would allow the attacker to read and modify data on a secure TLS connection, thus compromising user security and privacy.  Its use would also limit the use of strong cipher suites that help protect data integrity and confidentiality.</div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br />Disable support for the TLS 1.0 protocol on the server.  Both NIST 800-52  and PCI DSS v3.1 strongly recommend upgrade to the latest version of TLS available, TLS 1.2.    Or, at a minimum an upgrade to TLS 1.1.

<ul><li>For Apache, modify the following lines in the server configuration</li><ul><li>SSLProtocol ALL –SSLv2 -SSLv3 -TLSv1</li></ul><li>For Nginx, modify the following lines in server configuration:</li><ul><li>ssl_protocols TLSv1.1 TLSv1.2;</li></ul><li>For IIS, please refer to Microsoft Knowledge Base Articles:</li><ul><li><a href="’https://technet.microsoft.com/library/security/3009008’">https://technet.microsoft.com/library/security/3009008</a></li></ul><li>For other servers, please refer to vendor specific documentation.</li></ul>Please Note: Not all implementations of TLS are affected by POODLE.  Please ensure the TLS implementation in use on the target server is not vulnerable to POODLE. Remove CBC mode ciphers to prevent the POODLE attack if applicable.</div>
        <h4>References</h4>
        <div class="rule-details"><br /><b>OWASP:</b><br /><a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a><br /><br /><b>NIST:</b><br /><a href="http://www.nist.gov/customcf/get_pdf.cfm?pub_id=915856">NIST SP 800-52 Revision 1</a><br /><br /><b>PCI Security Standards Council:</b><br /><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">PCI DSS v3.1</a><br /><a href="https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf">Migrating from SSL and Early TLS</a><br /><a href="https://www.pcisecuritystandards.org/pdfs/15_03_25_PCI_SSC_FAQ_SSL_Protocol_Vulnerability_Revisions_to_PCI_DSS_PAD.pdf">PCI SSC FAQ on impending revisions to PCI DSS, PA-DSS to address SSL protocol vulnerability</a><br /><br /><b>Microsoft:</b><br /><a href="http://support.microsoft.com/kb/187498">Knowledge Base Article ID: 187498</a><br /><a href="http://support.microsoft.com/kb/245030/">Knowledge Base Article ID: 245030</a><br /><a href="http://technet.microsoft.com/en-us/library/dd450371%28WS.10%29.aspx">Security Guidance for IIS</a><br /><br /><b>Apache:</b><br /><a href="http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html">SSL/TLS Strong Encryption: FAQ</a><br /><br /><b>CVE-2014-8730</b><br /><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730">CVE-2014-8730</a><br /><br /><b>POODLE Vulnerability Expands Beyond SSLv3 to TLS 1.0 and 1.1</b><br /><a href="https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/">https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/</a><br /><br /><b>TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks</b><br /><a href="https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00">https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00l</a><br /></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">Insecure Transport: Weak SSL Protocol</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#cd472378bdeb463f8e272d02c6d37322">ID 46409648</a>  - https:​/​/www​.nestle-waters​.cn:443​/Content​/js​/jquery-ui-datepicker​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
                    <tr>
                        <td>
                                    <span><a href="#c16ea3a23fa940f9932dd7c211fdc9da">ID 46409649</a>  - https:​/​/www​.nestle-waters​.cn:443​/Content​/js​/jquery-ui-datepicker​.js</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>
    <h3>
            <a name="SystemInformationLeakExternal"></a>
        <span>5.3.5</span>
        <span>System Information Leak: External</span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
    <div>CWE-200</div>
    <div>OWASP Top 10: </div>
    <div>PCI 3.0: </div>
    <h4>Summary</h4>
    <div class="rule-details">Robots.txt is a file that system administrators place on webservers that instructs automated crawling engines such as Google and Altavista to not index or crawl certain portions of the site, usually because they would cause the site's web applications to malfunction, or because they contain sensitive information or applications that should not be displayed in search engine results.</div>
        <h4>Explanation</h4>
        <div class="rule-details"><br />An attacker can use the information in the robots.txt file to determine where sensitive or "hidden" application or information is on the site.</div>
        <h4>Execution</h4>
        <div class="rule-details"><br /><a href="https://www.nestle-waters.cn:443/robots.txt">https://www.nestle-waters.cn:443/robots.txt</a></div>
        <h4>Recommendation</h4>
        <div class="rule-details"><br />If robots.txt is not needed, then remove it. If the file is needed, then ensure that it does not contain the locations of hidden or sensitive applications.</div>
        <h4>References</h4>
        <div class="rule-details"><br />Hacker Text File<br /><a href="http://packetstormsecurity.nl/docs/hack/robots.txt.advisory">http://packetstormsecurity.nl/docs/hack/robots.txt.advisory</a></div>
    <div class="page-break"></div>
    <h4>Instances</h4>
    <div>
        <span class="text-primary">System Information Leak: External</span>
        <span class="pull-right text-severity-low">Low</span>
    </div>
        <table class="table table-striped table-condensed issue-detail-instances">
            <thead>
                <tr>
                    <td class="text-left block-header">Location</td>
                </tr>
            </thead>
            <tbody class="small">
                    <tr>
                        <td>
                                    <span><a href="#58d33a0184ae4b758968bd128c4e8c65">ID 46409651</a>  - https:​/​/www​.nestle-waters​.cn:443​/robots​.txt</span>

                        </td>
                    </tr>
        <tr class="audit-data allow-break">
            <td colspan="1">
                <table>
                    <tr>
                        <td style="width: 25%;">Assigned To: Not Set</td>
                        <td style="width: 37.5%;">Developer Status: Not Set</td>
                        <td style="width: 37.5%;">Auditor Status: Not Set</td>
                    </tr>
                </table>



            </td>
        </tr>
            </tbody>
        </table>
    <div class="page-break"></div>



<h2>Request and Response</h2>
<span id="request-response" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="6. Dynamic Request &amp; Response"></span>

<p>Below is an enumeration of all dynamic issues with their request and response sections.</p>

    <h3>
        <span>6.1.1</span>
        <span>
                <a href="#InsecureTransportInsufficientDiffieHellmanStrength">Insecure Transport: Insufficient Diffie Hellman Strength</a>
        </span>
        <span class="pull-right text-severity-critical">Critical</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="0336effea76b458abd1ad123ecb10a1d"></a>
            ID 46409650 - https://www.nestle-waters.cn:443/Content/js/jquery-ui-datepicker.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /Content/js/jquery-ui-datepicker.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /Content/js/jquery-ui-datepicker.js</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="0852CE834409D71D0EE727BC033BD7AF"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="Crawl"; CrawlType="ScriptInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="639"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1315"; smi="0"; sc="1"; ID="b40a2e58-e05c-45f7-b85a-d4bf653e42ca"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="0c273360-60eb-4c1a-8554-f373be7a6a8f"; sc="1"; ThreadId="639"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=aao3hmd1pwqfgni02sutpakq;TS011e36f3=01851f6ed5c2b4c3df2c91699f2279</span></div>
<div class='line'><span class='HeaderValue'>7499cf1794437a2436c30bb69fc2fc58cbdf8ff0152188afc668897bac21c90e212d3caf6730</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Fri, 06 Nov 2015 02:29:16 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "0668fee3a18d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 13:39:52 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 51754</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>/*!</span></div>
<div class='line'><span class='default'> * jQuery UI 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI</span></div>
<div class='line'><span class='default'> */(function(a,b){function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).</span></div>
<div class='line'><span class='default'>length}function c(b,c){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.nodeName.toLowerCase</span><span class='default'>();if("area"===e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>b.parentNode</span><span class='default'>,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>f.name</span><span class='default'>,h;if(!b.href||!g||f.nodeName.toLowerCase()!=="map")retur</span></div>
<div class='line'><span class='default'>n!1;</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>("img[</span><span class='AttrName'>usemap</span><span class='default'>=</span><span class='AttrValue'>#</span><span class='default'>"+g+"]")[0];return!!h&&d(h)}return(/input|select|textarea|b</span></div>
<div class='line'><span class='default'>utton|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}a.</span><span class='AttrName'>ui</span><span class='default'>=</span><span class='AttrValue'>a.ui</span><span class='default'>||{};</span></div>
<div class='line'><span class='default'>a.ui.version||(a.extend(a.ui,{version:"1.8.18",keyCode:{ALT:18,BACKSPACE:</span></div>
<div class='line'><span class='default'>8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:</span></div>
<div class='line'><span class='default'>17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:</span></div>
<div class='line'><span class='default'>37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:</span></div>
<div class='line'><span class='default'>108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:</span></div>
<div class='line'><span class='default'>190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}}),a.fn.extend({propAttr:</span></div>
<div class='line'><span class='default'>a.fn.prop||a.fn.attr,_focus:a.fn.focus,focus:function(b,c){return typeof b=="number"?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;setTimeout(function(){a(d).focus(),c&&c.call(d)},b)}):this._focus.</span></div>
<div class='line'><span class='default'>apply(this,arguments)},scrollParent:function(){var b;a.browser.msie&&/(static|relative)/.test(this.css("position"))||/absolute/.</span></div>
<div class='line'><span class='default'>test(this.css("position"))?</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(relative|a</span></div>
<div class='line'><span class='default'>bsolute|fixed)/.test(a.curCSS(this,"position",1))&&/(auto|scroll)/.test(a.</span></div>
<div class='line'><span class='default'>curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"overflow-</span></div>
<div class='line'><span class='default'>x",1))}).eq(0):</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(auto|scroll)/.</span></div>
<div class='line'><span class='default'>test(a.curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"ov</span></div>
<div class='line'><span class='default'>erflow-x",1))}).eq(0);return/fixed/.test(this.css("position"))||!b.length?a(docu</span></div>
<div class='line'><span class='default'>ment):b},zIndex:function(c){if(c!==b)return this.css("zIndex",c);if(this.length){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(this[0]),e,f;while(d.length&&d[0]!==document){</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d.css</span><span class='default'>("position");</span></div>
<div class='line'><span class='default'>if(e==="absolute"||e==="relative"||e==="fixed"){</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>parseInt</span><span class='default'>(d.css("zIndex"),10);</span></div>
<div class='line'><span class='default'>if(!isNaN(f)&&f!==0)return f}</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d.parent</span><span class='default'>()}}return 0},disableSelection:function(){return this.bind((a.support.selectstart?"selectstart":"mousedown")+".ui-disableSelectio</span></div>
<div class='line'><span class='default'>n",function(a){a.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}}),a.each(["Width","Height"],function(c,d){f</span></div>
<div class='line'><span class='default'>unction h(b,c,d,f){a.each(e,function(){c-=parseFloat(a.curCSS(b,"padding"+this,!0))||0,d</span></div>
<div class='line'><span class='default'>&&(c-=parseFloat(a.curCSS(b,"border"+this+"Width",!0))||0),f&&(c-=parseFloat(a.</span></div>
<div class='line'><span class='default'>curCSS(b,"margin"+this,!0))||0)});return c}var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>==="Width"?["Left","Right"]:["Top","Bottom"],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d.toLowerCase</span><span class='default'>(),g={innerWidth:</span></div>
<div class='line'><span class='default'>a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHei</span></div>
<div class='line'><span class='default'>ght:a.fn.outerHeight};a.fn["inner"+d]=function(c){if(c===b)return g["inner"+d].call(this);return this.each(function(){a(this).css(f,h(this,c)+"px")})},a.fn["outer"+d]=function(b</span></div>
<div class='line'><span class='default'>,c){if(typeof b!="number")return g["outer"+d].call(this,b);return this.each(function(){a(this).css(f,h(this,b,!0,c)+"px")})}}),a.extend(a.</span></div>
<div class='line'><span class='default'>expr[":"],{data:function(b,c,d){return!!a.data(b,d[3])},focusable:function(b){re</span></div>
<div class='line'><span class='default'>turn c(b,!isNaN(a.attr(b,"tabindex")))},tabbable:function(b){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.attr</span><span class='default'>(b,"tabindex"),</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>isNaN</span><span class='default'>(d);return(e||d></span><span class='Text'>=0)&&c(b,!e)}}),a(function(){var b=document.body,c=b.appendChild(c=document.createElement("div"));c.offsetHeight,</span></div>
<div class='line'><span class='Text'>a.extend(c.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:</span></div>
<div class='line'><span class='Text'>0}),a.support.minHeight=c.offsetHeight===100,a.support.selectstart="onselectstar</span></div>
<div class='line'><span class='Text'>t"in c,b.removeChild(c).style.display="none"}),a.extend(a.ui,{plugin:{add:function(b,</span></div>
<div class='line'><span class='Text'>c,d){var e=a.ui[b].prototype;for(var f in d)e.plugins[f]=e.plugins[f]||[],e.plugins[f].push([c,d[f]])},call:function(a,b,c</span></div>
<div class='line'><span class='Text'>){var d=a.plugins[b];if(!!d&&!!a.element[0].parentNode)for(var e=0;e</span><span class='default'>&lt;</span><span class='ElementName'>d</span><span class='default'>.length;e++)a.options[d[e][0]]&&d[e][1].apply(a.element,c)}},contains:</span></div>
<div class='line'><span class='default'>function(a,b){return document.compareDocumentPosition?a.compareDocumentPosition(b)&16:a!==b&</span></div>
<div class='line'><span class='default'>&a.contains(b)},hasScroll:function(b,c){if(a(b).css("overflow")==="hidden")retur</span></div>
<div class='line'><span class='default'>n!1;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>&&c==="left"?"scrollLeft":"scrollTop",e=!1;if(b[d]></span><span class='Text'>0)return!0;b[d]=1,e=b[d]></span></div>
<div class='line'><span class='Text'>0,b[d]=0;return e},isOverAxis:function(a,b,c){return a>b&&a</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>+c},isOver:function(b,c,d,e,f,g){return a.ui.isOverAxis(b,d,f)&&a.ui.isOverAxis(c,e,g)}}))})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Widget 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Widget</span></div>
<div class='line'><span class='default'> */(function(a,b){if(a.cleanData){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.cleanData</span><span class='default'>;a.</span><span class='AttrName'>cleanData</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b){for(var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,e;(</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>[d])!=null;d++)try{a(e).triggerHandler("remove")}catch(f){}c(b)}}else{</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.fn.remove</span><span class='default'>;a.fn.</span><span class='AttrName'>remove</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c){return this.each(function(){c||(!b||a.filter(b,[this]).length)&&a("*",this).add([this])</span></div>
<div class='line'><span class='default'>.each(function(){try{a(this).triggerHandler("remove")}catch(b){}});return d.call(a(this),b,c)})}}a.</span><span class='AttrName'>widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[0],f;</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[1],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>+"-"+b,d||(</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Widget</span><span class='default'>),a.</span></div>
<div class='line'><span class='default'>expr[":"][f]=function(c){return!!a.data(c,b)},a[e]=a[e]||{},a[e][b]=function(a,b</span></div>
<div class='line'><span class='default'>){arguments.length&&this._createWidget(a,b)};var </span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>new</span><span class='default'> c;g.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},g.options),a[e][b].</span><span class='AttrName'>prototype</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,g,{namespace</span></div>
<div class='line'><span class='default'>:e,widgetName:b,widgetEventPrefix:a[e][b].prototype.widgetEventPrefix||b,widgetB</span></div>
<div class='line'><span class='default'>aseClass:f},d),a.widget.bridge(b,a[e][b])},a.widget.</span><span class='AttrName'>bridge</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(c,d){a.</span></div>
<div class='line'><span class='default'>fn[c]=function(e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> e=="string",</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.slice.call</span><span class='default'>(arguments,1),</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;e=!f&&g.length?a.</span></div>
<div class='line'><span class='default'>extend.apply(null,[!0,e].concat(g)):e;if(f&&e.charAt(0)==="_")return h;f?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c),</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>&&a.isFunction(d[e])?d[e].apply(d,g):d;if(f!==d&&f!==b){</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>f</span><span class='default'>;</span><span class='AttrValue'><br /></span></div>
<div class='line'><span class='default'>return!1}}):this.each(function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c);b?b.option(e||{})._init():a.data(this,c,new d(e,this))});return h}},a.</span><span class='AttrName'>Widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a,b){arguments.length&&this._createWidget(a,b)},a.</span></div>
<div class='line'><span class='default'>Widget.prototype={widgetName:"widget",widgetEventPrefix:"",options:{disabled:</span></div>
<div class='line'><span class='default'>!1},_createWidget:function(b,c){a.data(c,this.widgetName,this),this.</span><span class='AttrName'>element</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(c)</span></div>
<div class='line'><span class='default'>,this.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},this.options,this._getCreateOptions(),b);</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("remove."+this.widgetName,function(){d.destroy()}),this</span></div>
<div class='line'><span class='default'>._create(),this._trigger("create"),this._init()},_getCreateOptions:function(){re</span></div>
<div class='line'><span class='default'>turn a.metadata&&a.metadata.get(this.element[0])[this.widgetName]},_create:</span></div>
<div class='line'><span class='default'>function(){},_init:function(){},destroy:function(){this.element.unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeData(this.widgetName),this.widget().unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeAttr("aria-disabled").removeClass(this.widgetBaseClass+</span></div>
<div class='line'><span class='default'>"-disabled "+"ui-state-disabled")},widget:function(){return this.element},option:function(c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>;if(arguments.length===0)return a.extend({},this.options);if(typeof c=="string"){if(d===b)return this.options[c];e={},e[c]=d}this._setOptions(e);return this},_setOptions:function(b){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;a.each(b,function(a,b){c._setOption(a,b)});return this},_setOption:function(a,b){this.options[a]=b,a==="disabled"&&this.</span></div>
<div class='line'><span class='default'>widget()[b?"addClass":"removeClass"](this.widgetBaseClass+"-disabled"+" "+"ui-state-disabled").attr("aria-disabled",b);return this},enable:function(){return this._setOption("disabled",!1)},disable:function(){return this._setOption("disabled",!0)},_trigger:function(b,c,d){var e,f,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>this.options</span><span class='default'>[b];</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>||{},</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Event</span><span class='default'>(c),c.type=(b===this.widgetEventPrefix?b:</span></div>
<div class='line'><span class='default'>this.widgetEventPrefix+b).toLowerCase(),c.</span><span class='AttrName'>target</span><span class='default'>=</span><span class='AttrValue'>this.element</span><span class='default'>[0],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>c.originalEve</span></div>
<div class='line'><span class='AttrValue'>nt</span><span class='default'>;if(f)for(e in f)e in c||(c[e]=f[e]);this.element.trigger(c,d);return!(a.isFunction(g)&&g.call(this.</span></div>
<div class='line'><span class='default'>element[0],c,d)===!1||c.isDefaultPrevented())}}})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Mouse 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Mouse</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Depends:</span></div>
<div class='line'><span class='default'> *	jquery.ui.widget.js</span></div>
<div class='line'><span class='default'> */(function(a,b){var c=!1;a(document).mouseup(function(a){c=!1}),a.widget("ui.mouse",{options:</span></div>
<div class='line'><span class='default'>{cancel:":input,option",distance:1,delay:0},_mouseInit:function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("mousedown."+this.widgetName,function(a){return b._mouseDown(a)}).bind("click."+this.widgetName,function(c){if(!0===a.</span></div>
<div class='line'><span class='default'>data(c.target,b.widgetName+".preventClickEvent")){a.removeData(c.target,b.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent"),c.stopImmediatePropagation();return!1}}),this.</span></div>
<div class='line'><span class='default'>started=!1},_mouseDestroy:function(){this.element.unbind("."+this.widgetName)},_</span></div>
<div class='line'><span class='default'>mouseDown:function(b){if(!c){this._mouseStarted&&this._mouseUp(b),this.</span></div>
<div class='line'><span class='default'>_</span><span class='AttrName'>mouseDownEvent</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>,</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.which</span><span class='default'>==1,</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> this.options.cancel=="string"&&b.target.nodeName?a(b.target).closest(this.</span></div>
<div class='line'><span class='default'>options.cancel).length:!1;if(!e||f||!this._mouseCapture(b))return!0;this.</span></div>
<div class='line'><span class='default'>mouseDelayMet=!this.options.delay,this.mouseDelayMet||(this._</span><span class='AttrName'>mouseDelayTimer</span><span class='default'>=</span><span class='AttrValue'>set</span></div>
<div class='line'><span class='AttrValue'>Timeout</span><span class='default'>(function(){d.mouseDelayMet=!0},this.options.delay));if(this._mouseDistan</span></div>
<div class='line'><span class='default'>ceMet(b)&&this._mouseDelayMet(b)){this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(b)!==!1;</span></div>
<div class='line'><span class='default'>if(!this._mouseStarted){b.preventDefault();return!0}}!0===a.data(b.target,this.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent")&&a.removeData(b.target,this.widgetName+".</span></div>
<div class='line'><span class='default'>preventClickEvent"),this._</span><span class='AttrName'>mouseMoveDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseMove(a)},this._</span><span class='AttrName'>mouseUpDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseUp(a)},a(document).bind("mousemove."+this.widgetName,this._mouseMoveDele</span></div>
<div class='line'><span class='default'>gate).bind("mouseup."+this.widgetName,this._mouseUpDelegate),b.preventDefault(),</span></div>
<div class='line'><span class='default'>c=!0;return!0}},_mouseMove:function(b){if(a.browser.msie&&!(document.documentMod</span></div>
<div class='line'><span class='default'>e>=9)&&!b.button)return this._mouseUp(b);if(this._mouseStarted){this._mouseDrag(b);return b.preventDefault()}this._mouseDistanceMet(b)&&this._mouseDelayMet(b)&&</span></div>
<div class='line'><span class='default'>(this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(this._mouseDownEvent,b)!==!1,this.</span></div>
<div class='line'><span class='default'>_mouseStarted?this._mouseDra...[TRUNCATED]...</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.2.1</span>
        <span>
                <a href="#OftenMisusedWeakSSLCertificate">Often Misused: Weak SSL Certificate</a>
        </span>
        <span class="pull-right text-severity-medium">Medium</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="0aa784393424495b8bec8f36600a2c7f"></a>
            ID 46409646 - https://www.nestle-waters.cn:443/Content/js/slider.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /Content/js/slider.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /Content/js/slider.js</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="684D0841072FE14623EA9FA607683B5D"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="Crawl"; CrawlType="ScriptInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="580"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1315"; smi="0"; sc="1"; ID="0c4d3f43-ab19-4789-a740-14a71a5ef301"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="a402b159-9865-4476-9ef0-48b9563e4b3a"; sc="1"; ThreadId="580"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=aao3hmd1pwqfgni02sutpakq;TS011e36f3=01851f6ed5c2b4c3df2c91699f2279</span></div>
<div class='line'><span class='HeaderValue'>7499cf1794437a2436c30bb69fc2fc58cbdf8ff0152188afc668897bac21c90e212d3caf6730</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Mon, 09 May 2016 03:46:23 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "a9171e5ba5a9d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 13:39:58 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 4546</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>/**</span></div>
<div class='line'><span class='default'> * slider插件可悬停控制</span></div>
<div class='line'><span class='default'> */</span></div>
<div class='line'><span class='default'>; $(function ($, window, document, undefined) {</span></div>
<div class='line'><span class='default'>    </span></div>
<div class='line'><span class='default'>    </span><span class='AttrName'>Slider</span><span class='default'> = </span><span class='AttrValue'>function</span><span class='default'> (container, options) {</span></div>
<div class='line'><span class='default'>        /*</span></div>
<div class='line'><span class='default'>        options = {</span></div>
<div class='line'><span class='default'>            auto: true,</span></div>
<div class='line'><span class='default'>            time: 3000,</span></div>
<div class='line'><span class='default'>            event: 'hover' | 'click',</span></div>
<div class='line'><span class='default'>            mode: 'slide | fade',</span></div>
<div class='line'><span class='default'>            controller: $(),</span></div>
<div class='line'><span class='default'>            activeControllerCls: 'className',</span></div>
<div class='line'><span class='default'>            exchangeEnd: $.noop</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>        */</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        "use strict"; //stirct mode not support by IE9-</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        if (!container) return;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        var </span><span class='AttrName'>options</span><span class='default'> = </span><span class='AttrValue'>options</span><span class='default'> || {},</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>currentIndex</span><span class='default'> = </span><span class='AttrValue'>0</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>cls</span><span class='default'> = </span><span class='AttrValue'>options.activeControllerCls</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>delay</span><span class='default'> = </span><span class='AttrValue'>options.delay</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>isAuto</span><span class='default'> = </span><span class='AttrValue'>options.auto</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>controller</span><span class='default'> = </span><span class='AttrValue'>options.controller</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>event</span><span class='default'> = </span><span class='AttrValue'>options.event</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            interval,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>slidesWrapper</span><span class='default'> = </span><span class='AttrValue'>container.children</span><span class='default'>().first(),</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>slides</span><span class='default'> = </span><span class='AttrValue'>slidesWrapper.children</span><span class='default'>(),</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>length</span><span class='default'> = </span><span class='AttrValue'>slides.length</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>childWidth</span><span class='default'> = </span><span class='AttrValue'>container.width</span><span class='default'>(),</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>totalWidth</span><span class='default'> = </span><span class='AttrValue'>childWidth</span><span class='default'> * slides.length;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        function init() {</span></div>
<div class='line'><span class='default'>            var </span><span class='AttrName'>controlItem</span><span class='default'> = </span><span class='AttrValue'>controller.children</span><span class='default'>();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            mode();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            event == 'hover' ? controlItem.mouseover(function () {</span></div>
<div class='line'><span class='default'>                stop();</span></div>
<div class='line'><span class='default'>                var index = $(this).index();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>                play(index, options.mode);</span></div>
<div class='line'><span class='default'>            }).mouseout(function () {</span></div>
<div class='line'><span class='default'>                isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>            }) : controlItem.click(function () {</span></div>
<div class='line'><span class='default'>                stop();</span></div>
<div class='line'><span class='default'>                var index = $(this).index();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>                play(index, options.mode);</span></div>
<div class='line'><span class='default'>                isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>            });</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //animate mode</span></div>
<div class='line'><span class='default'>        function mode() {</span></div>
<div class='line'><span class='default'>            var </span><span class='AttrName'>wrapper</span><span class='default'> = </span><span class='AttrValue'>container.children</span><span class='default'>().first();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            options.mode == 'slide' ? wrapper.width(totalWidth) : wrapper.children().css({</span></div>
<div class='line'><span class='default'>                'position': 'absolute',</span></div>
<div class='line'><span class='default'>                'left': 0,</span></div>
<div class='line'><span class='default'>                'top': 0</span></div>
<div class='line'><span class='default'>            })</span></div>
<div class='line'><span class='default'>                .first().siblings().hide();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //auto play</span></div>
<div class='line'><span class='default'>        function autoPlay() {</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>interval</span><span class='default'> = </span><span class='AttrValue'>setInterval</span><span class='default'>(function () {</span></div>
<div class='line'><span class='default'>                triggerPlay(currentIndex);</span></div>
<div class='line'><span class='default'>            }, options.time);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //trigger play</span></div>
<div class='line'><span class='default'>        function triggerPlay(cIndex) {</span></div>
<div class='line'><span class='default'>            var index;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            (cIndex == length - 1) ? </span><span class='AttrName'>index</span><span class='default'> = </span><span class='AttrValue'>0</span><span class='default'> : </span><span class='AttrName'>index</span><span class='default'> = </span><span class='AttrValue'>cIndex</span><span class='default'> + 1;</span></div>
<div class='line'><span class='default'>            play(index, options.mode);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //play</span></div>
<div class='line'><span class='default'>        function play(index, mode) {</span></div>
<div class='line'><span class='default'>            slidesWrapper.stop(true, true);</span></div>
<div class='line'><span class='default'>            slides.stop(true, true);</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            mode == 'slide' ? (function () {</span></div>
<div class='line'><span class='default'>                if (index > currentIndex) {</span></div>
<div class='line'><span class='default'>                    slidesWrapper.animate({</span></div>
<div class='line'><span class='default'>                        left: '-=' + Math.abs(index - currentIndex) * childWidth + 'px'</span></div>
<div class='line'><span class='default'>                    }, delay);</span></div>
<div class='line'><span class='default'>                } else if (index &lt; currentIndex) {</span></div>
<div class='line'><span class='default'>                    slidesWrapper.animate({</span></div>
<div class='line'><span class='default'>                        left: '+=' + Math.abs(index - currentIndex) * childWidth + 'px'</span></div>
<div class='line'><span class='default'>                    }, delay);</span></div>
<div class='line'><span class='default'>                } else {</span></div>
<div class='line'><span class='default'>                    return;</span></div>
<div class='line'><span class='default'>                }</span></div>
<div class='line'><span class='default'>            })() : (function () {</span></div>
<div class='line'><span class='default'>                if (slidesWrapper.children(':visible').index() == index) return;</span></div>
<div class='line'><span class='default'>                slidesWrapper.children().fadeOut(delay).eq(index).fadeIn(delay);</span></div>
<div class='line'><span class='default'>            })();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            try {</span></div>
<div class='line'><span class='default'>                controller.children('.' + cls).removeClass(cls);</span></div>
<div class='line'><span class='default'>                controller.children().eq(index).addClass(cls);</span></div>
<div class='line'><span class='default'>            } catch (e) { }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>currentIndex</span><span class='default'> = </span><span class='AttrValue'>index</span><span class='default'>;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            options.exchangeEnd && typeof options.exchangeEnd == 'function' && options.exchangeEnd.call(this, currentIndex);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //stop</span></div>
<div class='line'><span class='default'>        function stop() {</span></div>
<div class='line'><span class='default'>            clearInterval(interval);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //prev frame</span></div>
<div class='line'><span class='default'>        function prev() {</span></div>
<div class='line'><span class='default'>            stop();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            currentIndex == 0 ? triggerPlay(length - 2) : triggerPlay(currentIndex - 2);</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //next frame</span></div>
<div class='line'><span class='default'>        function next() {</span></div>
<div class='line'><span class='default'>            stop();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            currentIndex == length - 1 ? triggerPlay(-1) : triggerPlay(currentIndex);</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //init</span></div>
<div class='line'><span class='default'>        init();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //expose the Slider API</span></div>
<div class='line'><span class='default'>        return {</span></div>
<div class='line'><span class='default'>            prev: function () {</span></div>
<div class='line'><span class='default'>                prev();</span></div>
<div class='line'><span class='default'>            },</span></div>
<div class='line'><span class='default'>            next: function () {</span></div>
<div class='line'><span class='default'>                next();</span></div>
<div class='line'><span class='default'>            }</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>    };</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>}(jQuery, window, document));</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.3.1</span>
        <span>
                <a href="#InsecureDeploymentUnpatchedApplication">Insecure Deployment: Unpatched Application</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="f0afaf86ed444236a8b437b0221396d2"></a>
            ID 40959854 - https://www.nestle-waters.cn:443/content/game/index.html
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET </span><span class='AttackSelection'>/content/game/index.html</span><span class='default'> HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/water/edu/</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/html</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Fri, 06 Nov 2015 02:25:42 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "09716f3a18d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 14:14:30 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 1966</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>html</span><span class='default'> </span><span class='AttrName'>xmlns</span><span class='default'>=</span><span class='AttrValue'>"http://www.w3.org/1999/xhtml"</span><span class='default'> xml:</span><span class='AttrName'>lang</span><span class='default'>=</span><span class='AttrValue'>"en"</span><span class='default'> </span><span class='AttrName'>lang</span><span class='default'>=</span><span class='AttrValue'>"en"</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>head</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>meta</span><span class='default'> http-</span><span class='AttrName'>equiv</span><span class='default'>=</span><span class='AttrValue'>"Content-Type"</span><span class='default'> </span><span class='AttrName'>content</span><span class='default'>=</span><span class='AttrValue'>"text/html; charset=iso-8859-1"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>title</span><span class='default'>></span><span class='Text'>main</span><span class='default'>&lt;</span><span class='ElementName'>/title</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>language</span><span class='default'>=</span><span class='AttrValue'>"javascript"</span><span class='default'>></span><span class='Text'>AC_FL_RunContent = 0;</span><span class='default'>&lt;</span><span class='ElementName'>/script</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;script src="AC_RunActiveContent.js" language="javascript">&lt;/script></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/head</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>body</span><span class='default'> </span><span class='AttrName'>bgcolor</span><span class='default'>=</span><span class='AttrValue'>"#ffffff"</span><span class='default'>></span></div>
<div class='line'><span class='Comment'>&lt;!--url's used in the movie--></span><span class='default'><br /></span></div>
<div class='line'><span class='Comment'>&lt;!--text used in the movie--></span><span class='default'><br /></span></div>
<div class='line'><span class='Comment'>&lt;!-- saved from url=(0013)about:internet --></span><span class='default'><br /></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>script</span><span class='default'> </span><span class='AttrName'>language</span><span class='default'>=</span><span class='AttrValue'>"javascript"</span><span class='default'>></span></div>
<div class='line'><span class='default'>	</span><span class='JSKeyword'>if</span><span class='default'> (AC_FL_RunContent == 0) {</span></div>
<div class='line'><span class='default'>		alert("</span><span class='JSKeyword'>This</span><span class='default'> page requires AC_RunActiveContent.js.");</span></div>
<div class='line'><span class='default'>	} </span><span class='JSKeyword'>else</span><span class='default'> {</span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'> ... Starting at line 48 ... </span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='default'>			); </span><span class='JSComment'>//end AC code</span></div>
<div class='line'><span class='default'>	}</span></div>
<div class='line'><span class='default'>&lt;/script></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>noscript</span><span class='default'>></span></div>
<div class='line'><span class='default'>	</span><span class='AttackSelection'>&lt;object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.</span></div>
<div class='line'><span class='AttackSelection'>cab#version=9,0,0,0" width="670" height="345" id="main" align="middle"></span><span class='default'><br /></span></div>
<div class='line'><span class='default'>	&lt;</span><span class='ElementName'>param</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"allowScriptAccess"</span><span class='default'> </span><span class='AttrName'>value</span><span class='default'>=</span><span class='AttrValue'>"sameDomain"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>	&lt;</span><span class='ElementName'>param</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"allowFullScreen"</span><span class='default'> </span><span class='AttrName'>value</span><span class='default'>=</span><span class='AttrValue'>"false"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>	&lt;</span><span class='ElementName'>param</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"movie"</span><span class='default'> </span><span class='AttrName'>value</span><span class='default'>=</span><span class='AttrValue'>"main.swf"</span><span class='default'> />&lt;</span><span class='ElementName'>param</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"quality"</span><span class='default'> </span><span class='AttrName'>value</span><span class='default'>=</span><span class='AttrValue'>"high"</span><span class='default'> />&lt;</span><span class='ElementName'>param</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"bgcolor"</span><span class='default'> </span><span class='AttrName'>value</span><span class='default'>=</span><span class='AttrValue'>"#ffffff"</span><span class='default'> /></span><span class='Text'>	</span><span class='default'>&lt;</span><span class='ElementName'>embed</span><span class='default'> </span><span class='AttrName'>src</span><span class='default'>=</span><span class='AttrValue'>"main.swf"</span><span class='default'> </span><span class='AttrName'>quality</span><span class='default'>=</span><span class='AttrValue'>"high"</span><span class='default'> </span><span class='AttrName'>bgcolor</span><span class='default'>=</span><span class='AttrValue'>"#ffffff"</span><span class='default'> </span><span class='AttrName'>width</span><span class='default'>=</span><span class='AttrValue'>"670"</span><span class='default'> </span><span class='AttrName'>height</span><span class='default'>=</span><span class='AttrValue'>"345"</span><span class='default'> </span><span class='AttrName'>name</span><span class='default'>=</span><span class='AttrValue'>"main"</span><span class='default'> </span><span class='AttrName'>align</span><span class='default'>=</span><span class='AttrValue'>"middle"</span><span class='default'> </span><span class='AttrName'>allowScriptAccess</span><span class='default'>=</span><span class='AttrValue'>"sameDomain"</span><span class='default'> </span><span class='AttrName'>allowFullScreen</span><span class='default'>=</span><span class='AttrValue'>"false"</span><span class='default'> </span><span class='AttrName'>type</span><span class='default'>=</span><span class='AttrValue'>"application/x-shockwave-flash"</span><span class='default'> </span><span class='AttrName'>pluginspage</span><span class='default'>=</span><span class='AttrValue'>"http://www.macromedia.com/go/getflashplayer"</span><span class='default'> /></span></div>
<div class='line'><span class='default'>	&lt;</span><span class='ElementName'>/object</span><span class='default'>></span></div>
<div class='line'><span class='default'>&lt;</span><span class='ElementName'>/noscript</span><span class='default'>></span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.3.2</span>
        <span>
                <a href="#InsecureTransportHSTSnotSet">Insecure Transport: HSTS not Set</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="a39ac2a58bf14818805a885a3903e698"></a>
            ID 46409644 - https://www.nestle-waters.cn:443/Content/js/slider.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /Content/js/slider.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /Content/js/slider.js</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="684D0841072FE14623EA9FA607683B5D"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="Crawl"; CrawlType="ScriptInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="580"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1315"; smi="0"; sc="1"; ID="0c4d3f43-ab19-4789-a740-14a71a5ef301"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="a402b159-9865-4476-9ef0-48b9563e4b3a"; sc="1"; ThreadId="580"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=aao3hmd1pwqfgni02sutpakq;TS011e36f3=01851f6ed5c2b4c3df2c91699f2279</span></div>
<div class='line'><span class='HeaderValue'>7499cf1794437a2436c30bb69fc2fc58cbdf8ff0152188afc668897bac21c90e212d3caf6730</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Mon, 09 May 2016 03:46:23 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "a9171e5ba5a9d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 13:39:58 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 4546</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>/**</span></div>
<div class='line'><span class='default'> * slider插件可悬停控制</span></div>
<div class='line'><span class='default'> */</span></div>
<div class='line'><span class='default'>; $(function ($, window, document, undefined) {</span></div>
<div class='line'><span class='default'>    </span></div>
<div class='line'><span class='default'>    </span><span class='AttrName'>Slider</span><span class='default'> = </span><span class='AttrValue'>function</span><span class='default'> (container, options) {</span></div>
<div class='line'><span class='default'>        /*</span></div>
<div class='line'><span class='default'>        options = {</span></div>
<div class='line'><span class='default'>            auto: true,</span></div>
<div class='line'><span class='default'>            time: 3000,</span></div>
<div class='line'><span class='default'>            event: 'hover' | 'click',</span></div>
<div class='line'><span class='default'>            mode: 'slide | fade',</span></div>
<div class='line'><span class='default'>            controller: $(),</span></div>
<div class='line'><span class='default'>            activeControllerCls: 'className',</span></div>
<div class='line'><span class='default'>            exchangeEnd: $.noop</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>        */</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        "use strict"; //stirct mode not support by IE9-</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        if (!container) return;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        var </span><span class='AttrName'>options</span><span class='default'> = </span><span class='AttrValue'>options</span><span class='default'> || {},</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>currentIndex</span><span class='default'> = </span><span class='AttrValue'>0</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>cls</span><span class='default'> = </span><span class='AttrValue'>options.activeControllerCls</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>delay</span><span class='default'> = </span><span class='AttrValue'>options.delay</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>isAuto</span><span class='default'> = </span><span class='AttrValue'>options.auto</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>controller</span><span class='default'> = </span><span class='AttrValue'>options.controller</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>event</span><span class='default'> = </span><span class='AttrValue'>options.event</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            interval,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>slidesWrapper</span><span class='default'> = </span><span class='AttrValue'>container.children</span><span class='default'>().first(),</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>slides</span><span class='default'> = </span><span class='AttrValue'>slidesWrapper.children</span><span class='default'>(),</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>length</span><span class='default'> = </span><span class='AttrValue'>slides.length</span><span class='default'>,</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>childWidth</span><span class='default'> = </span><span class='AttrValue'>container.width</span><span class='default'>(),</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>totalWidth</span><span class='default'> = </span><span class='AttrValue'>childWidth</span><span class='default'> * slides.length;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        function init() {</span></div>
<div class='line'><span class='default'>            var </span><span class='AttrName'>controlItem</span><span class='default'> = </span><span class='AttrValue'>controller.children</span><span class='default'>();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            mode();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            event == 'hover' ? controlItem.mouseover(function () {</span></div>
<div class='line'><span class='default'>                stop();</span></div>
<div class='line'><span class='default'>                var index = $(this).index();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>                play(index, options.mode);</span></div>
<div class='line'><span class='default'>            }).mouseout(function () {</span></div>
<div class='line'><span class='default'>                isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>            }) : controlItem.click(function () {</span></div>
<div class='line'><span class='default'>                stop();</span></div>
<div class='line'><span class='default'>                var index = $(this).index();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>                play(index, options.mode);</span></div>
<div class='line'><span class='default'>                isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>            });</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //animate mode</span></div>
<div class='line'><span class='default'>        function mode() {</span></div>
<div class='line'><span class='default'>            var </span><span class='AttrName'>wrapper</span><span class='default'> = </span><span class='AttrValue'>container.children</span><span class='default'>().first();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            options.mode == 'slide' ? wrapper.width(totalWidth) : wrapper.children().css({</span></div>
<div class='line'><span class='default'>                'position': 'absolute',</span></div>
<div class='line'><span class='default'>                'left': 0,</span></div>
<div class='line'><span class='default'>                'top': 0</span></div>
<div class='line'><span class='default'>            })</span></div>
<div class='line'><span class='default'>                .first().siblings().hide();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //auto play</span></div>
<div class='line'><span class='default'>        function autoPlay() {</span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>interval</span><span class='default'> = </span><span class='AttrValue'>setInterval</span><span class='default'>(function () {</span></div>
<div class='line'><span class='default'>                triggerPlay(currentIndex);</span></div>
<div class='line'><span class='default'>            }, options.time);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //trigger play</span></div>
<div class='line'><span class='default'>        function triggerPlay(cIndex) {</span></div>
<div class='line'><span class='default'>            var index;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            (cIndex == length - 1) ? </span><span class='AttrName'>index</span><span class='default'> = </span><span class='AttrValue'>0</span><span class='default'> : </span><span class='AttrName'>index</span><span class='default'> = </span><span class='AttrValue'>cIndex</span><span class='default'> + 1;</span></div>
<div class='line'><span class='default'>            play(index, options.mode);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //play</span></div>
<div class='line'><span class='default'>        function play(index, mode) {</span></div>
<div class='line'><span class='default'>            slidesWrapper.stop(true, true);</span></div>
<div class='line'><span class='default'>            slides.stop(true, true);</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            mode == 'slide' ? (function () {</span></div>
<div class='line'><span class='default'>                if (index > currentIndex) {</span></div>
<div class='line'><span class='default'>                    slidesWrapper.animate({</span></div>
<div class='line'><span class='default'>                        left: '-=' + Math.abs(index - currentIndex) * childWidth + 'px'</span></div>
<div class='line'><span class='default'>                    }, delay);</span></div>
<div class='line'><span class='default'>                } else if (index &lt; currentIndex) {</span></div>
<div class='line'><span class='default'>                    slidesWrapper.animate({</span></div>
<div class='line'><span class='default'>                        left: '+=' + Math.abs(index - currentIndex) * childWidth + 'px'</span></div>
<div class='line'><span class='default'>                    }, delay);</span></div>
<div class='line'><span class='default'>                } else {</span></div>
<div class='line'><span class='default'>                    return;</span></div>
<div class='line'><span class='default'>                }</span></div>
<div class='line'><span class='default'>            })() : (function () {</span></div>
<div class='line'><span class='default'>                if (slidesWrapper.children(':visible').index() == index) return;</span></div>
<div class='line'><span class='default'>                slidesWrapper.children().fadeOut(delay).eq(index).fadeIn(delay);</span></div>
<div class='line'><span class='default'>            })();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            try {</span></div>
<div class='line'><span class='default'>                controller.children('.' + cls).removeClass(cls);</span></div>
<div class='line'><span class='default'>                controller.children().eq(index).addClass(cls);</span></div>
<div class='line'><span class='default'>            } catch (e) { }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            </span><span class='AttrName'>currentIndex</span><span class='default'> = </span><span class='AttrValue'>index</span><span class='default'>;</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            options.exchangeEnd && typeof options.exchangeEnd == 'function' && options.exchangeEnd.call(this, currentIndex);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //stop</span></div>
<div class='line'><span class='default'>        function stop() {</span></div>
<div class='line'><span class='default'>            clearInterval(interval);</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //prev frame</span></div>
<div class='line'><span class='default'>        function prev() {</span></div>
<div class='line'><span class='default'>            stop();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            currentIndex == 0 ? triggerPlay(length - 2) : triggerPlay(currentIndex - 2);</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //next frame</span></div>
<div class='line'><span class='default'>        function next() {</span></div>
<div class='line'><span class='default'>            stop();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            currentIndex == length - 1 ? triggerPlay(-1) : triggerPlay(currentIndex);</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>            isAuto && autoPlay();</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //init</span></div>
<div class='line'><span class='default'>        init();</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>        //expose the Slider API</span></div>
<div class='line'><span class='default'>        return {</span></div>
<div class='line'><span class='default'>            prev: function () {</span></div>
<div class='line'><span class='default'>                prev();</span></div>
<div class='line'><span class='default'>            },</span></div>
<div class='line'><span class='default'>            next: function () {</span></div>
<div class='line'><span class='default'>                next();</span></div>
<div class='line'><span class='default'>            }</span></div>
<div class='line'><span class='default'>        }</span></div>
<div class='line'><span class='default'>    };</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>}(jQuery, window, document));</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.3.3</span>
        <span>
                <a href="#InsecureTransportWeakSSLCipher">Insecure Transport: Weak SSL Cipher</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="26c872540bb747c08c07bdbf5b3246f1"></a>
            ID 46409647 - https://www.nestle-waters.cn:443/Content/js/jquery-ui-datepicker.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /Content/js/jquery-ui-datepicker.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /Content/js/jquery-ui-datepicker.js</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="0852CE834409D71D0EE727BC033BD7AF"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="Crawl"; CrawlType="ScriptInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="639"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1315"; smi="0"; sc="1"; ID="b40a2e58-e05c-45f7-b85a-d4bf653e42ca"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="0c273360-60eb-4c1a-8554-f373be7a6a8f"; sc="1"; ThreadId="639"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=aao3hmd1pwqfgni02sutpakq;TS011e36f3=01851f6ed5c2b4c3df2c91699f2279</span></div>
<div class='line'><span class='HeaderValue'>7499cf1794437a2436c30bb69fc2fc58cbdf8ff0152188afc668897bac21c90e212d3caf6730</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Fri, 06 Nov 2015 02:29:16 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "0668fee3a18d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 13:39:52 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 51754</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>/*!</span></div>
<div class='line'><span class='default'> * jQuery UI 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI</span></div>
<div class='line'><span class='default'> */(function(a,b){function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).</span></div>
<div class='line'><span class='default'>length}function c(b,c){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.nodeName.toLowerCase</span><span class='default'>();if("area"===e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>b.parentNode</span><span class='default'>,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>f.name</span><span class='default'>,h;if(!b.href||!g||f.nodeName.toLowerCase()!=="map")retur</span></div>
<div class='line'><span class='default'>n!1;</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>("img[</span><span class='AttrName'>usemap</span><span class='default'>=</span><span class='AttrValue'>#</span><span class='default'>"+g+"]")[0];return!!h&&d(h)}return(/input|select|textarea|b</span></div>
<div class='line'><span class='default'>utton|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}a.</span><span class='AttrName'>ui</span><span class='default'>=</span><span class='AttrValue'>a.ui</span><span class='default'>||{};</span></div>
<div class='line'><span class='default'>a.ui.version||(a.extend(a.ui,{version:"1.8.18",keyCode:{ALT:18,BACKSPACE:</span></div>
<div class='line'><span class='default'>8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:</span></div>
<div class='line'><span class='default'>17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:</span></div>
<div class='line'><span class='default'>37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:</span></div>
<div class='line'><span class='default'>108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:</span></div>
<div class='line'><span class='default'>190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}}),a.fn.extend({propAttr:</span></div>
<div class='line'><span class='default'>a.fn.prop||a.fn.attr,_focus:a.fn.focus,focus:function(b,c){return typeof b=="number"?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;setTimeout(function(){a(d).focus(),c&&c.call(d)},b)}):this._focus.</span></div>
<div class='line'><span class='default'>apply(this,arguments)},scrollParent:function(){var b;a.browser.msie&&/(static|relative)/.test(this.css("position"))||/absolute/.</span></div>
<div class='line'><span class='default'>test(this.css("position"))?</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(relative|a</span></div>
<div class='line'><span class='default'>bsolute|fixed)/.test(a.curCSS(this,"position",1))&&/(auto|scroll)/.test(a.</span></div>
<div class='line'><span class='default'>curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"overflow-</span></div>
<div class='line'><span class='default'>x",1))}).eq(0):</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(auto|scroll)/.</span></div>
<div class='line'><span class='default'>test(a.curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"ov</span></div>
<div class='line'><span class='default'>erflow-x",1))}).eq(0);return/fixed/.test(this.css("position"))||!b.length?a(docu</span></div>
<div class='line'><span class='default'>ment):b},zIndex:function(c){if(c!==b)return this.css("zIndex",c);if(this.length){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(this[0]),e,f;while(d.length&&d[0]!==document){</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d.css</span><span class='default'>("position");</span></div>
<div class='line'><span class='default'>if(e==="absolute"||e==="relative"||e==="fixed"){</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>parseInt</span><span class='default'>(d.css("zIndex"),10);</span></div>
<div class='line'><span class='default'>if(!isNaN(f)&&f!==0)return f}</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d.parent</span><span class='default'>()}}return 0},disableSelection:function(){return this.bind((a.support.selectstart?"selectstart":"mousedown")+".ui-disableSelectio</span></div>
<div class='line'><span class='default'>n",function(a){a.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}}),a.each(["Width","Height"],function(c,d){f</span></div>
<div class='line'><span class='default'>unction h(b,c,d,f){a.each(e,function(){c-=parseFloat(a.curCSS(b,"padding"+this,!0))||0,d</span></div>
<div class='line'><span class='default'>&&(c-=parseFloat(a.curCSS(b,"border"+this+"Width",!0))||0),f&&(c-=parseFloat(a.</span></div>
<div class='line'><span class='default'>curCSS(b,"margin"+this,!0))||0)});return c}var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>==="Width"?["Left","Right"]:["Top","Bottom"],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d.toLowerCase</span><span class='default'>(),g={innerWidth:</span></div>
<div class='line'><span class='default'>a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHei</span></div>
<div class='line'><span class='default'>ght:a.fn.outerHeight};a.fn["inner"+d]=function(c){if(c===b)return g["inner"+d].call(this);return this.each(function(){a(this).css(f,h(this,c)+"px")})},a.fn["outer"+d]=function(b</span></div>
<div class='line'><span class='default'>,c){if(typeof b!="number")return g["outer"+d].call(this,b);return this.each(function(){a(this).css(f,h(this,b,!0,c)+"px")})}}),a.extend(a.</span></div>
<div class='line'><span class='default'>expr[":"],{data:function(b,c,d){return!!a.data(b,d[3])},focusable:function(b){re</span></div>
<div class='line'><span class='default'>turn c(b,!isNaN(a.attr(b,"tabindex")))},tabbable:function(b){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.attr</span><span class='default'>(b,"tabindex"),</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>isNaN</span><span class='default'>(d);return(e||d></span><span class='Text'>=0)&&c(b,!e)}}),a(function(){var b=document.body,c=b.appendChild(c=document.createElement("div"));c.offsetHeight,</span></div>
<div class='line'><span class='Text'>a.extend(c.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:</span></div>
<div class='line'><span class='Text'>0}),a.support.minHeight=c.offsetHeight===100,a.support.selectstart="onselectstar</span></div>
<div class='line'><span class='Text'>t"in c,b.removeChild(c).style.display="none"}),a.extend(a.ui,{plugin:{add:function(b,</span></div>
<div class='line'><span class='Text'>c,d){var e=a.ui[b].prototype;for(var f in d)e.plugins[f]=e.plugins[f]||[],e.plugins[f].push([c,d[f]])},call:function(a,b,c</span></div>
<div class='line'><span class='Text'>){var d=a.plugins[b];if(!!d&&!!a.element[0].parentNode)for(var e=0;e</span><span class='default'>&lt;</span><span class='ElementName'>d</span><span class='default'>.length;e++)a.options[d[e][0]]&&d[e][1].apply(a.element,c)}},contains:</span></div>
<div class='line'><span class='default'>function(a,b){return document.compareDocumentPosition?a.compareDocumentPosition(b)&16:a!==b&</span></div>
<div class='line'><span class='default'>&a.contains(b)},hasScroll:function(b,c){if(a(b).css("overflow")==="hidden")retur</span></div>
<div class='line'><span class='default'>n!1;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>&&c==="left"?"scrollLeft":"scrollTop",e=!1;if(b[d]></span><span class='Text'>0)return!0;b[d]=1,e=b[d]></span></div>
<div class='line'><span class='Text'>0,b[d]=0;return e},isOverAxis:function(a,b,c){return a>b&&a</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>+c},isOver:function(b,c,d,e,f,g){return a.ui.isOverAxis(b,d,f)&&a.ui.isOverAxis(c,e,g)}}))})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Widget 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Widget</span></div>
<div class='line'><span class='default'> */(function(a,b){if(a.cleanData){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.cleanData</span><span class='default'>;a.</span><span class='AttrName'>cleanData</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b){for(var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,e;(</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>[d])!=null;d++)try{a(e).triggerHandler("remove")}catch(f){}c(b)}}else{</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.fn.remove</span><span class='default'>;a.fn.</span><span class='AttrName'>remove</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c){return this.each(function(){c||(!b||a.filter(b,[this]).length)&&a("*",this).add([this])</span></div>
<div class='line'><span class='default'>.each(function(){try{a(this).triggerHandler("remove")}catch(b){}});return d.call(a(this),b,c)})}}a.</span><span class='AttrName'>widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[0],f;</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[1],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>+"-"+b,d||(</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Widget</span><span class='default'>),a.</span></div>
<div class='line'><span class='default'>expr[":"][f]=function(c){return!!a.data(c,b)},a[e]=a[e]||{},a[e][b]=function(a,b</span></div>
<div class='line'><span class='default'>){arguments.length&&this._createWidget(a,b)};var </span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>new</span><span class='default'> c;g.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},g.options),a[e][b].</span><span class='AttrName'>prototype</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,g,{namespace</span></div>
<div class='line'><span class='default'>:e,widgetName:b,widgetEventPrefix:a[e][b].prototype.widgetEventPrefix||b,widgetB</span></div>
<div class='line'><span class='default'>aseClass:f},d),a.widget.bridge(b,a[e][b])},a.widget.</span><span class='AttrName'>bridge</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(c,d){a.</span></div>
<div class='line'><span class='default'>fn[c]=function(e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> e=="string",</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.slice.call</span><span class='default'>(arguments,1),</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;e=!f&&g.length?a.</span></div>
<div class='line'><span class='default'>extend.apply(null,[!0,e].concat(g)):e;if(f&&e.charAt(0)==="_")return h;f?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c),</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>&&a.isFunction(d[e])?d[e].apply(d,g):d;if(f!==d&&f!==b){</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>f</span><span class='default'>;</span><span class='AttrValue'><br /></span></div>
<div class='line'><span class='default'>return!1}}):this.each(function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c);b?b.option(e||{})._init():a.data(this,c,new d(e,this))});return h}},a.</span><span class='AttrName'>Widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a,b){arguments.length&&this._createWidget(a,b)},a.</span></div>
<div class='line'><span class='default'>Widget.prototype={widgetName:"widget",widgetEventPrefix:"",options:{disabled:</span></div>
<div class='line'><span class='default'>!1},_createWidget:function(b,c){a.data(c,this.widgetName,this),this.</span><span class='AttrName'>element</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(c)</span></div>
<div class='line'><span class='default'>,this.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},this.options,this._getCreateOptions(),b);</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("remove."+this.widgetName,function(){d.destroy()}),this</span></div>
<div class='line'><span class='default'>._create(),this._trigger("create"),this._init()},_getCreateOptions:function(){re</span></div>
<div class='line'><span class='default'>turn a.metadata&&a.metadata.get(this.element[0])[this.widgetName]},_create:</span></div>
<div class='line'><span class='default'>function(){},_init:function(){},destroy:function(){this.element.unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeData(this.widgetName),this.widget().unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeAttr("aria-disabled").removeClass(this.widgetBaseClass+</span></div>
<div class='line'><span class='default'>"-disabled "+"ui-state-disabled")},widget:function(){return this.element},option:function(c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>;if(arguments.length===0)return a.extend({},this.options);if(typeof c=="string"){if(d===b)return this.options[c];e={},e[c]=d}this._setOptions(e);return this},_setOptions:function(b){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;a.each(b,function(a,b){c._setOption(a,b)});return this},_setOption:function(a,b){this.options[a]=b,a==="disabled"&&this.</span></div>
<div class='line'><span class='default'>widget()[b?"addClass":"removeClass"](this.widgetBaseClass+"-disabled"+" "+"ui-state-disabled").attr("aria-disabled",b);return this},enable:function(){return this._setOption("disabled",!1)},disable:function(){return this._setOption("disabled",!0)},_trigger:function(b,c,d){var e,f,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>this.options</span><span class='default'>[b];</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>||{},</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Event</span><span class='default'>(c),c.type=(b===this.widgetEventPrefix?b:</span></div>
<div class='line'><span class='default'>this.widgetEventPrefix+b).toLowerCase(),c.</span><span class='AttrName'>target</span><span class='default'>=</span><span class='AttrValue'>this.element</span><span class='default'>[0],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>c.originalEve</span></div>
<div class='line'><span class='AttrValue'>nt</span><span class='default'>;if(f)for(e in f)e in c||(c[e]=f[e]);this.element.trigger(c,d);return!(a.isFunction(g)&&g.call(this.</span></div>
<div class='line'><span class='default'>element[0],c,d)===!1||c.isDefaultPrevented())}}})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Mouse 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Mouse</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Depends:</span></div>
<div class='line'><span class='default'> *	jquery.ui.widget.js</span></div>
<div class='line'><span class='default'> */(function(a,b){var c=!1;a(document).mouseup(function(a){c=!1}),a.widget("ui.mouse",{options:</span></div>
<div class='line'><span class='default'>{cancel:":input,option",distance:1,delay:0},_mouseInit:function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("mousedown."+this.widgetName,function(a){return b._mouseDown(a)}).bind("click."+this.widgetName,function(c){if(!0===a.</span></div>
<div class='line'><span class='default'>data(c.target,b.widgetName+".preventClickEvent")){a.removeData(c.target,b.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent"),c.stopImmediatePropagation();return!1}}),this.</span></div>
<div class='line'><span class='default'>started=!1},_mouseDestroy:function(){this.element.unbind("."+this.widgetName)},_</span></div>
<div class='line'><span class='default'>mouseDown:function(b){if(!c){this._mouseStarted&&this._mouseUp(b),this.</span></div>
<div class='line'><span class='default'>_</span><span class='AttrName'>mouseDownEvent</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>,</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.which</span><span class='default'>==1,</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> this.options.cancel=="string"&&b.target.nodeName?a(b.target).closest(this.</span></div>
<div class='line'><span class='default'>options.cancel).length:!1;if(!e||f||!this._mouseCapture(b))return!0;this.</span></div>
<div class='line'><span class='default'>mouseDelayMet=!this.options.delay,this.mouseDelayMet||(this._</span><span class='AttrName'>mouseDelayTimer</span><span class='default'>=</span><span class='AttrValue'>set</span></div>
<div class='line'><span class='AttrValue'>Timeout</span><span class='default'>(function(){d.mouseDelayMet=!0},this.options.delay));if(this._mouseDistan</span></div>
<div class='line'><span class='default'>ceMet(b)&&this._mouseDelayMet(b)){this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(b)!==!1;</span></div>
<div class='line'><span class='default'>if(!this._mouseStarted){b.preventDefault();return!0}}!0===a.data(b.target,this.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent")&&a.removeData(b.target,this.widgetName+".</span></div>
<div class='line'><span class='default'>preventClickEvent"),this._</span><span class='AttrName'>mouseMoveDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseMove(a)},this._</span><span class='AttrName'>mouseUpDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseUp(a)},a(document).bind("mousemove."+this.widgetName,this._mouseMoveDele</span></div>
<div class='line'><span class='default'>gate).bind("mouseup."+this.widgetName,this._mouseUpDelegate),b.preventDefault(),</span></div>
<div class='line'><span class='default'>c=!0;return!0}},_mouseMove:function(b){if(a.browser.msie&&!(document.documentMod</span></div>
<div class='line'><span class='default'>e>=9)&&!b.button)return this._mouseUp(b);if(this._mouseStarted){this._mouseDrag(b);return b.preventDefault()}this._mouseDistanceMet(b)&&this._mouseDelayMet(b)&&</span></div>
<div class='line'><span class='default'>(this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(this._mouseDownEvent,b)!==!1,this.</span></div>
<div class='line'><span class='default'>_mouseStarted?this._mouseDra...[TRUNCATED]...</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.3.4</span>
        <span>
                <a href="#InsecureTransportWeakSSLProtocol">Insecure Transport: Weak SSL Protocol</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="cd472378bdeb463f8e272d02c6d37322"></a>
            ID 46409648 - https://www.nestle-waters.cn:443/Content/js/jquery-ui-datepicker.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /Content/js/jquery-ui-datepicker.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /Content/js/jquery-ui-datepicker.js</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="0852CE834409D71D0EE727BC033BD7AF"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="Crawl"; CrawlType="ScriptInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="639"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1315"; smi="0"; sc="1"; ID="b40a2e58-e05c-45f7-b85a-d4bf653e42ca"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="0c273360-60eb-4c1a-8554-f373be7a6a8f"; sc="1"; ThreadId="639"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=aao3hmd1pwqfgni02sutpakq;TS011e36f3=01851f6ed5c2b4c3df2c91699f2279</span></div>
<div class='line'><span class='HeaderValue'>7499cf1794437a2436c30bb69fc2fc58cbdf8ff0152188afc668897bac21c90e212d3caf6730</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Fri, 06 Nov 2015 02:29:16 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "0668fee3a18d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 13:39:52 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 51754</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>/*!</span></div>
<div class='line'><span class='default'> * jQuery UI 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI</span></div>
<div class='line'><span class='default'> */(function(a,b){function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).</span></div>
<div class='line'><span class='default'>length}function c(b,c){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.nodeName.toLowerCase</span><span class='default'>();if("area"===e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>b.parentNode</span><span class='default'>,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>f.name</span><span class='default'>,h;if(!b.href||!g||f.nodeName.toLowerCase()!=="map")retur</span></div>
<div class='line'><span class='default'>n!1;</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>("img[</span><span class='AttrName'>usemap</span><span class='default'>=</span><span class='AttrValue'>#</span><span class='default'>"+g+"]")[0];return!!h&&d(h)}return(/input|select|textarea|b</span></div>
<div class='line'><span class='default'>utton|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}a.</span><span class='AttrName'>ui</span><span class='default'>=</span><span class='AttrValue'>a.ui</span><span class='default'>||{};</span></div>
<div class='line'><span class='default'>a.ui.version||(a.extend(a.ui,{version:"1.8.18",keyCode:{ALT:18,BACKSPACE:</span></div>
<div class='line'><span class='default'>8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:</span></div>
<div class='line'><span class='default'>17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:</span></div>
<div class='line'><span class='default'>37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:</span></div>
<div class='line'><span class='default'>108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:</span></div>
<div class='line'><span class='default'>190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}}),a.fn.extend({propAttr:</span></div>
<div class='line'><span class='default'>a.fn.prop||a.fn.attr,_focus:a.fn.focus,focus:function(b,c){return typeof b=="number"?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;setTimeout(function(){a(d).focus(),c&&c.call(d)},b)}):this._focus.</span></div>
<div class='line'><span class='default'>apply(this,arguments)},scrollParent:function(){var b;a.browser.msie&&/(static|relative)/.test(this.css("position"))||/absolute/.</span></div>
<div class='line'><span class='default'>test(this.css("position"))?</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(relative|a</span></div>
<div class='line'><span class='default'>bsolute|fixed)/.test(a.curCSS(this,"position",1))&&/(auto|scroll)/.test(a.</span></div>
<div class='line'><span class='default'>curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"overflow-</span></div>
<div class='line'><span class='default'>x",1))}).eq(0):</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(auto|scroll)/.</span></div>
<div class='line'><span class='default'>test(a.curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"ov</span></div>
<div class='line'><span class='default'>erflow-x",1))}).eq(0);return/fixed/.test(this.css("position"))||!b.length?a(docu</span></div>
<div class='line'><span class='default'>ment):b},zIndex:function(c){if(c!==b)return this.css("zIndex",c);if(this.length){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(this[0]),e,f;while(d.length&&d[0]!==document){</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d.css</span><span class='default'>("position");</span></div>
<div class='line'><span class='default'>if(e==="absolute"||e==="relative"||e==="fixed"){</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>parseInt</span><span class='default'>(d.css("zIndex"),10);</span></div>
<div class='line'><span class='default'>if(!isNaN(f)&&f!==0)return f}</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d.parent</span><span class='default'>()}}return 0},disableSelection:function(){return this.bind((a.support.selectstart?"selectstart":"mousedown")+".ui-disableSelectio</span></div>
<div class='line'><span class='default'>n",function(a){a.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}}),a.each(["Width","Height"],function(c,d){f</span></div>
<div class='line'><span class='default'>unction h(b,c,d,f){a.each(e,function(){c-=parseFloat(a.curCSS(b,"padding"+this,!0))||0,d</span></div>
<div class='line'><span class='default'>&&(c-=parseFloat(a.curCSS(b,"border"+this+"Width",!0))||0),f&&(c-=parseFloat(a.</span></div>
<div class='line'><span class='default'>curCSS(b,"margin"+this,!0))||0)});return c}var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>==="Width"?["Left","Right"]:["Top","Bottom"],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d.toLowerCase</span><span class='default'>(),g={innerWidth:</span></div>
<div class='line'><span class='default'>a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHei</span></div>
<div class='line'><span class='default'>ght:a.fn.outerHeight};a.fn["inner"+d]=function(c){if(c===b)return g["inner"+d].call(this);return this.each(function(){a(this).css(f,h(this,c)+"px")})},a.fn["outer"+d]=function(b</span></div>
<div class='line'><span class='default'>,c){if(typeof b!="number")return g["outer"+d].call(this,b);return this.each(function(){a(this).css(f,h(this,b,!0,c)+"px")})}}),a.extend(a.</span></div>
<div class='line'><span class='default'>expr[":"],{data:function(b,c,d){return!!a.data(b,d[3])},focusable:function(b){re</span></div>
<div class='line'><span class='default'>turn c(b,!isNaN(a.attr(b,"tabindex")))},tabbable:function(b){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.attr</span><span class='default'>(b,"tabindex"),</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>isNaN</span><span class='default'>(d);return(e||d></span><span class='Text'>=0)&&c(b,!e)}}),a(function(){var b=document.body,c=b.appendChild(c=document.createElement("div"));c.offsetHeight,</span></div>
<div class='line'><span class='Text'>a.extend(c.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:</span></div>
<div class='line'><span class='Text'>0}),a.support.minHeight=c.offsetHeight===100,a.support.selectstart="onselectstar</span></div>
<div class='line'><span class='Text'>t"in c,b.removeChild(c).style.display="none"}),a.extend(a.ui,{plugin:{add:function(b,</span></div>
<div class='line'><span class='Text'>c,d){var e=a.ui[b].prototype;for(var f in d)e.plugins[f]=e.plugins[f]||[],e.plugins[f].push([c,d[f]])},call:function(a,b,c</span></div>
<div class='line'><span class='Text'>){var d=a.plugins[b];if(!!d&&!!a.element[0].parentNode)for(var e=0;e</span><span class='default'>&lt;</span><span class='ElementName'>d</span><span class='default'>.length;e++)a.options[d[e][0]]&&d[e][1].apply(a.element,c)}},contains:</span></div>
<div class='line'><span class='default'>function(a,b){return document.compareDocumentPosition?a.compareDocumentPosition(b)&16:a!==b&</span></div>
<div class='line'><span class='default'>&a.contains(b)},hasScroll:function(b,c){if(a(b).css("overflow")==="hidden")retur</span></div>
<div class='line'><span class='default'>n!1;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>&&c==="left"?"scrollLeft":"scrollTop",e=!1;if(b[d]></span><span class='Text'>0)return!0;b[d]=1,e=b[d]></span></div>
<div class='line'><span class='Text'>0,b[d]=0;return e},isOverAxis:function(a,b,c){return a>b&&a</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>+c},isOver:function(b,c,d,e,f,g){return a.ui.isOverAxis(b,d,f)&&a.ui.isOverAxis(c,e,g)}}))})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Widget 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Widget</span></div>
<div class='line'><span class='default'> */(function(a,b){if(a.cleanData){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.cleanData</span><span class='default'>;a.</span><span class='AttrName'>cleanData</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b){for(var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,e;(</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>[d])!=null;d++)try{a(e).triggerHandler("remove")}catch(f){}c(b)}}else{</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.fn.remove</span><span class='default'>;a.fn.</span><span class='AttrName'>remove</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c){return this.each(function(){c||(!b||a.filter(b,[this]).length)&&a("*",this).add([this])</span></div>
<div class='line'><span class='default'>.each(function(){try{a(this).triggerHandler("remove")}catch(b){}});return d.call(a(this),b,c)})}}a.</span><span class='AttrName'>widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[0],f;</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[1],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>+"-"+b,d||(</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Widget</span><span class='default'>),a.</span></div>
<div class='line'><span class='default'>expr[":"][f]=function(c){return!!a.data(c,b)},a[e]=a[e]||{},a[e][b]=function(a,b</span></div>
<div class='line'><span class='default'>){arguments.length&&this._createWidget(a,b)};var </span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>new</span><span class='default'> c;g.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},g.options),a[e][b].</span><span class='AttrName'>prototype</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,g,{namespace</span></div>
<div class='line'><span class='default'>:e,widgetName:b,widgetEventPrefix:a[e][b].prototype.widgetEventPrefix||b,widgetB</span></div>
<div class='line'><span class='default'>aseClass:f},d),a.widget.bridge(b,a[e][b])},a.widget.</span><span class='AttrName'>bridge</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(c,d){a.</span></div>
<div class='line'><span class='default'>fn[c]=function(e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> e=="string",</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.slice.call</span><span class='default'>(arguments,1),</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;e=!f&&g.length?a.</span></div>
<div class='line'><span class='default'>extend.apply(null,[!0,e].concat(g)):e;if(f&&e.charAt(0)==="_")return h;f?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c),</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>&&a.isFunction(d[e])?d[e].apply(d,g):d;if(f!==d&&f!==b){</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>f</span><span class='default'>;</span><span class='AttrValue'><br /></span></div>
<div class='line'><span class='default'>return!1}}):this.each(function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c);b?b.option(e||{})._init():a.data(this,c,new d(e,this))});return h}},a.</span><span class='AttrName'>Widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a,b){arguments.length&&this._createWidget(a,b)},a.</span></div>
<div class='line'><span class='default'>Widget.prototype={widgetName:"widget",widgetEventPrefix:"",options:{disabled:</span></div>
<div class='line'><span class='default'>!1},_createWidget:function(b,c){a.data(c,this.widgetName,this),this.</span><span class='AttrName'>element</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(c)</span></div>
<div class='line'><span class='default'>,this.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},this.options,this._getCreateOptions(),b);</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("remove."+this.widgetName,function(){d.destroy()}),this</span></div>
<div class='line'><span class='default'>._create(),this._trigger("create"),this._init()},_getCreateOptions:function(){re</span></div>
<div class='line'><span class='default'>turn a.metadata&&a.metadata.get(this.element[0])[this.widgetName]},_create:</span></div>
<div class='line'><span class='default'>function(){},_init:function(){},destroy:function(){this.element.unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeData(this.widgetName),this.widget().unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeAttr("aria-disabled").removeClass(this.widgetBaseClass+</span></div>
<div class='line'><span class='default'>"-disabled "+"ui-state-disabled")},widget:function(){return this.element},option:function(c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>;if(arguments.length===0)return a.extend({},this.options);if(typeof c=="string"){if(d===b)return this.options[c];e={},e[c]=d}this._setOptions(e);return this},_setOptions:function(b){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;a.each(b,function(a,b){c._setOption(a,b)});return this},_setOption:function(a,b){this.options[a]=b,a==="disabled"&&this.</span></div>
<div class='line'><span class='default'>widget()[b?"addClass":"removeClass"](this.widgetBaseClass+"-disabled"+" "+"ui-state-disabled").attr("aria-disabled",b);return this},enable:function(){return this._setOption("disabled",!1)},disable:function(){return this._setOption("disabled",!0)},_trigger:function(b,c,d){var e,f,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>this.options</span><span class='default'>[b];</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>||{},</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Event</span><span class='default'>(c),c.type=(b===this.widgetEventPrefix?b:</span></div>
<div class='line'><span class='default'>this.widgetEventPrefix+b).toLowerCase(),c.</span><span class='AttrName'>target</span><span class='default'>=</span><span class='AttrValue'>this.element</span><span class='default'>[0],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>c.originalEve</span></div>
<div class='line'><span class='AttrValue'>nt</span><span class='default'>;if(f)for(e in f)e in c||(c[e]=f[e]);this.element.trigger(c,d);return!(a.isFunction(g)&&g.call(this.</span></div>
<div class='line'><span class='default'>element[0],c,d)===!1||c.isDefaultPrevented())}}})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Mouse 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Mouse</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Depends:</span></div>
<div class='line'><span class='default'> *	jquery.ui.widget.js</span></div>
<div class='line'><span class='default'> */(function(a,b){var c=!1;a(document).mouseup(function(a){c=!1}),a.widget("ui.mouse",{options:</span></div>
<div class='line'><span class='default'>{cancel:":input,option",distance:1,delay:0},_mouseInit:function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("mousedown."+this.widgetName,function(a){return b._mouseDown(a)}).bind("click."+this.widgetName,function(c){if(!0===a.</span></div>
<div class='line'><span class='default'>data(c.target,b.widgetName+".preventClickEvent")){a.removeData(c.target,b.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent"),c.stopImmediatePropagation();return!1}}),this.</span></div>
<div class='line'><span class='default'>started=!1},_mouseDestroy:function(){this.element.unbind("."+this.widgetName)},_</span></div>
<div class='line'><span class='default'>mouseDown:function(b){if(!c){this._mouseStarted&&this._mouseUp(b),this.</span></div>
<div class='line'><span class='default'>_</span><span class='AttrName'>mouseDownEvent</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>,</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.which</span><span class='default'>==1,</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> this.options.cancel=="string"&&b.target.nodeName?a(b.target).closest(this.</span></div>
<div class='line'><span class='default'>options.cancel).length:!1;if(!e||f||!this._mouseCapture(b))return!0;this.</span></div>
<div class='line'><span class='default'>mouseDelayMet=!this.options.delay,this.mouseDelayMet||(this._</span><span class='AttrName'>mouseDelayTimer</span><span class='default'>=</span><span class='AttrValue'>set</span></div>
<div class='line'><span class='AttrValue'>Timeout</span><span class='default'>(function(){d.mouseDelayMet=!0},this.options.delay));if(this._mouseDistan</span></div>
<div class='line'><span class='default'>ceMet(b)&&this._mouseDelayMet(b)){this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(b)!==!1;</span></div>
<div class='line'><span class='default'>if(!this._mouseStarted){b.preventDefault();return!0}}!0===a.data(b.target,this.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent")&&a.removeData(b.target,this.widgetName+".</span></div>
<div class='line'><span class='default'>preventClickEvent"),this._</span><span class='AttrName'>mouseMoveDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseMove(a)},this._</span><span class='AttrName'>mouseUpDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseUp(a)},a(document).bind("mousemove."+this.widgetName,this._mouseMoveDele</span></div>
<div class='line'><span class='default'>gate).bind("mouseup."+this.widgetName,this._mouseUpDelegate),b.preventDefault(),</span></div>
<div class='line'><span class='default'>c=!0;return!0}},_mouseMove:function(b){if(a.browser.msie&&!(document.documentMod</span></div>
<div class='line'><span class='default'>e>=9)&&!b.button)return this._mouseUp(b);if(this._mouseStarted){this._mouseDrag(b);return b.preventDefault()}this._mouseDistanceMet(b)&&this._mouseDelayMet(b)&&</span></div>
<div class='line'><span class='default'>(this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(this._mouseDownEvent,b)!==!1,this.</span></div>
<div class='line'><span class='default'>_mouseStarted?this._mouseDra...[TRUNCATED]...</span></div>

        </div>
        <div class="page-break"></div>
        <div class="block-header bg-primary">
                <a name="c16ea3a23fa940f9932dd7c211fdc9da"></a>
            ID 46409649 - https://www.nestle-waters.cn:443/Content/js/jquery-ui-datepicker.js
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /Content/js/jquery-ui-datepicker.js HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Accept-Language:</span><span class='HeaderValue'> en-US,en;q=0.5</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>X-AscRawUrl:</span><span class='HeaderValue'> /Content/js/jquery-ui-datepicker.js</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> ScriptEngine="Gecko"; Category="Crawl"; SID="0852CE834409D71D0EE727BC033BD7AF"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="Crawl"; CrawlType="ScriptInclude"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="639"; ThreadType="JScriptEvent"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1315"; smi="0"; sc="1"; ID="b40a2e58-e05c-45f7-b85a-d4bf653e42ca"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="0c273360-60eb-4c1a-8554-f373be7a6a8f"; sc="1"; ThreadId="639"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=aao3hmd1pwqfgni02sutpakq;TS011e36f3=01851f6ed5c2b4c3df2c91699f2279</span></div>
<div class='line'><span class='HeaderValue'>7499cf1794437a2436c30bb69fc2fc58cbdf8ff0152188afc668897bac21c90e212d3caf6730</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 200 OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> application/javascript</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Fri, 06 Nov 2015 02:29:16 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "0668fee3a18d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='HeaderName'>X-Powered-By:</span><span class='HeaderValue'> ASP.NET</span></div>
<div class='line'><span class='HeaderName'>Date:</span><span class='HeaderValue'> Fri, 02 Feb 2018 13:39:52 GMT</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 51754</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>/*!</span></div>
<div class='line'><span class='default'> * jQuery UI 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI</span></div>
<div class='line'><span class='default'> */(function(a,b){function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).</span></div>
<div class='line'><span class='default'>length}function c(b,c){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.nodeName.toLowerCase</span><span class='default'>();if("area"===e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>b.parentNode</span><span class='default'>,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>f.name</span><span class='default'>,h;if(!b.href||!g||f.nodeName.toLowerCase()!=="map")retur</span></div>
<div class='line'><span class='default'>n!1;</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>("img[</span><span class='AttrName'>usemap</span><span class='default'>=</span><span class='AttrValue'>#</span><span class='default'>"+g+"]")[0];return!!h&&d(h)}return(/input|select|textarea|b</span></div>
<div class='line'><span class='default'>utton|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}a.</span><span class='AttrName'>ui</span><span class='default'>=</span><span class='AttrValue'>a.ui</span><span class='default'>||{};</span></div>
<div class='line'><span class='default'>a.ui.version||(a.extend(a.ui,{version:"1.8.18",keyCode:{ALT:18,BACKSPACE:</span></div>
<div class='line'><span class='default'>8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:</span></div>
<div class='line'><span class='default'>17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:</span></div>
<div class='line'><span class='default'>37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:</span></div>
<div class='line'><span class='default'>108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:</span></div>
<div class='line'><span class='default'>190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}}),a.fn.extend({propAttr:</span></div>
<div class='line'><span class='default'>a.fn.prop||a.fn.attr,_focus:a.fn.focus,focus:function(b,c){return typeof b=="number"?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;setTimeout(function(){a(d).focus(),c&&c.call(d)},b)}):this._focus.</span></div>
<div class='line'><span class='default'>apply(this,arguments)},scrollParent:function(){var b;a.browser.msie&&/(static|relative)/.test(this.css("position"))||/absolute/.</span></div>
<div class='line'><span class='default'>test(this.css("position"))?</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(relative|a</span></div>
<div class='line'><span class='default'>bsolute|fixed)/.test(a.curCSS(this,"position",1))&&/(auto|scroll)/.test(a.</span></div>
<div class='line'><span class='default'>curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"overflow-</span></div>
<div class='line'><span class='default'>x",1))}).eq(0):</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this.parents</span><span class='default'>().filter(function(){return/(auto|scroll)/.</span></div>
<div class='line'><span class='default'>test(a.curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"ov</span></div>
<div class='line'><span class='default'>erflow-x",1))}).eq(0);return/fixed/.test(this.css("position"))||!b.length?a(docu</span></div>
<div class='line'><span class='default'>ment):b},zIndex:function(c){if(c!==b)return this.css("zIndex",c);if(this.length){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(this[0]),e,f;while(d.length&&d[0]!==document){</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d.css</span><span class='default'>("position");</span></div>
<div class='line'><span class='default'>if(e==="absolute"||e==="relative"||e==="fixed"){</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>parseInt</span><span class='default'>(d.css("zIndex"),10);</span></div>
<div class='line'><span class='default'>if(!isNaN(f)&&f!==0)return f}</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d.parent</span><span class='default'>()}}return 0},disableSelection:function(){return this.bind((a.support.selectstart?"selectstart":"mousedown")+".ui-disableSelectio</span></div>
<div class='line'><span class='default'>n",function(a){a.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}}),a.each(["Width","Height"],function(c,d){f</span></div>
<div class='line'><span class='default'>unction h(b,c,d,f){a.each(e,function(){c-=parseFloat(a.curCSS(b,"padding"+this,!0))||0,d</span></div>
<div class='line'><span class='default'>&&(c-=parseFloat(a.curCSS(b,"border"+this+"Width",!0))||0),f&&(c-=parseFloat(a.</span></div>
<div class='line'><span class='default'>curCSS(b,"margin"+this,!0))||0)});return c}var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>==="Width"?["Left","Right"]:["Top","Bottom"],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d.toLowerCase</span><span class='default'>(),g={innerWidth:</span></div>
<div class='line'><span class='default'>a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHei</span></div>
<div class='line'><span class='default'>ght:a.fn.outerHeight};a.fn["inner"+d]=function(c){if(c===b)return g["inner"+d].call(this);return this.each(function(){a(this).css(f,h(this,c)+"px")})},a.fn["outer"+d]=function(b</span></div>
<div class='line'><span class='default'>,c){if(typeof b!="number")return g["outer"+d].call(this,b);return this.each(function(){a(this).css(f,h(this,b,!0,c)+"px")})}}),a.extend(a.</span></div>
<div class='line'><span class='default'>expr[":"],{data:function(b,c,d){return!!a.data(b,d[3])},focusable:function(b){re</span></div>
<div class='line'><span class='default'>turn c(b,!isNaN(a.attr(b,"tabindex")))},tabbable:function(b){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.attr</span><span class='default'>(b,"tabindex"),</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>isNaN</span><span class='default'>(d);return(e||d></span><span class='Text'>=0)&&c(b,!e)}}),a(function(){var b=document.body,c=b.appendChild(c=document.createElement("div"));c.offsetHeight,</span></div>
<div class='line'><span class='Text'>a.extend(c.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:</span></div>
<div class='line'><span class='Text'>0}),a.support.minHeight=c.offsetHeight===100,a.support.selectstart="onselectstar</span></div>
<div class='line'><span class='Text'>t"in c,b.removeChild(c).style.display="none"}),a.extend(a.ui,{plugin:{add:function(b,</span></div>
<div class='line'><span class='Text'>c,d){var e=a.ui[b].prototype;for(var f in d)e.plugins[f]=e.plugins[f]||[],e.plugins[f].push([c,d[f]])},call:function(a,b,c</span></div>
<div class='line'><span class='Text'>){var d=a.plugins[b];if(!!d&&!!a.element[0].parentNode)for(var e=0;e</span><span class='default'>&lt;</span><span class='ElementName'>d</span><span class='default'>.length;e++)a.options[d[e][0]]&&d[e][1].apply(a.element,c)}},contains:</span></div>
<div class='line'><span class='default'>function(a,b){return document.compareDocumentPosition?a.compareDocumentPosition(b)&16:a!==b&</span></div>
<div class='line'><span class='default'>&a.contains(b)},hasScroll:function(b,c){if(a(b).css("overflow")==="hidden")retur</span></div>
<div class='line'><span class='default'>n!1;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>&&c==="left"?"scrollLeft":"scrollTop",e=!1;if(b[d]></span><span class='Text'>0)return!0;b[d]=1,e=b[d]></span></div>
<div class='line'><span class='Text'>0,b[d]=0;return e},isOverAxis:function(a,b,c){return a>b&&a</span><span class='default'>&lt;</span><span class='ElementName'>b</span><span class='default'>+c},isOver:function(b,c,d,e,f,g){return a.ui.isOverAxis(b,d,f)&&a.ui.isOverAxis(c,e,g)}}))})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Widget 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Widget</span></div>
<div class='line'><span class='default'> */(function(a,b){if(a.cleanData){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.cleanData</span><span class='default'>;a.</span><span class='AttrName'>cleanData</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b){for(var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>0</span><span class='default'>,e;(</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>[d])!=null;d++)try{a(e).triggerHandler("remove")}catch(f){}c(b)}}else{</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.fn.remove</span><span class='default'>;a.fn.</span><span class='AttrName'>remove</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c){return this.each(function(){c||(!b||a.filter(b,[this]).length)&&a("*",this).add([this])</span></div>
<div class='line'><span class='default'>.each(function(){try{a(this).triggerHandler("remove")}catch(b){}});return d.call(a(this),b,c)})}}a.</span><span class='AttrName'>widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(b,c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[0],f;</span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>b.split</span><span class='default'>(".")[1],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>e</span><span class='default'>+"-"+b,d||(</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>,</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Widget</span><span class='default'>),a.</span></div>
<div class='line'><span class='default'>expr[":"][f]=function(c){return!!a.data(c,b)},a[e]=a[e]||{},a[e][b]=function(a,b</span></div>
<div class='line'><span class='default'>){arguments.length&&this._createWidget(a,b)};var </span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>new</span><span class='default'> c;g.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},g.options),a[e][b].</span><span class='AttrName'>prototype</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,g,{namespace</span></div>
<div class='line'><span class='default'>:e,widgetName:b,widgetEventPrefix:a[e][b].prototype.widgetEventPrefix||b,widgetB</span></div>
<div class='line'><span class='default'>aseClass:f},d),a.widget.bridge(b,a[e][b])},a.widget.</span><span class='AttrName'>bridge</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(c,d){a.</span></div>
<div class='line'><span class='default'>fn[c]=function(e){var </span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> e=="string",</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>Array.prototype.slice.call</span><span class='default'>(arguments,1),</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;e=!f&&g.length?a.</span></div>
<div class='line'><span class='default'>extend.apply(null,[!0,e].concat(g)):e;if(f&&e.charAt(0)==="_")return h;f?this.each(function(){var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c),</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>&&a.isFunction(d[e])?d[e].apply(d,g):d;if(f!==d&&f!==b){</span><span class='AttrName'>h</span><span class='default'>=</span><span class='AttrValue'>f</span><span class='default'>;</span><span class='AttrValue'><br /></span></div>
<div class='line'><span class='default'>return!1}}):this.each(function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>a.data</span><span class='default'>(this,c);b?b.option(e||{})._init():a.data(this,c,new d(e,this))});return h}},a.</span><span class='AttrName'>Widget</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a,b){arguments.length&&this._createWidget(a,b)},a.</span></div>
<div class='line'><span class='default'>Widget.prototype={widgetName:"widget",widgetEventPrefix:"",options:{disabled:</span></div>
<div class='line'><span class='default'>!1},_createWidget:function(b,c){a.data(c,this.widgetName,this),this.</span><span class='AttrName'>element</span><span class='default'>=</span><span class='AttrValue'>a</span><span class='default'>(c)</span></div>
<div class='line'><span class='default'>,this.</span><span class='AttrName'>options</span><span class='default'>=</span><span class='AttrValue'>a.extend</span><span class='default'>(!0,{},this.options,this._getCreateOptions(),b);</span></div>
<div class='line'><span class='default'>var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("remove."+this.widgetName,function(){d.destroy()}),this</span></div>
<div class='line'><span class='default'>._create(),this._trigger("create"),this._init()},_getCreateOptions:function(){re</span></div>
<div class='line'><span class='default'>turn a.metadata&&a.metadata.get(this.element[0])[this.widgetName]},_create:</span></div>
<div class='line'><span class='default'>function(){},_init:function(){},destroy:function(){this.element.unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeData(this.widgetName),this.widget().unbind(".</span></div>
<div class='line'><span class='default'>"+this.widgetName).removeAttr("aria-disabled").removeClass(this.widgetBaseClass+</span></div>
<div class='line'><span class='default'>"-disabled "+"ui-state-disabled")},widget:function(){return this.element},option:function(c,d){var </span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>c</span><span class='default'>;if(arguments.length===0)return a.extend({},this.options);if(typeof c=="string"){if(d===b)return this.options[c];e={},e[c]=d}this._setOptions(e);return this},_setOptions:function(b){var </span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;a.each(b,function(a,b){c._setOption(a,b)});return this},_setOption:function(a,b){this.options[a]=b,a==="disabled"&&this.</span></div>
<div class='line'><span class='default'>widget()[b?"addClass":"removeClass"](this.widgetBaseClass+"-disabled"+" "+"ui-state-disabled").attr("aria-disabled",b);return this},enable:function(){return this._setOption("disabled",!1)},disable:function(){return this._setOption("disabled",!0)},_trigger:function(b,c,d){var e,f,</span><span class='AttrName'>g</span><span class='default'>=</span><span class='AttrValue'>this.options</span><span class='default'>[b];</span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>d</span><span class='default'>||{},</span><span class='AttrName'>c</span><span class='default'>=</span><span class='AttrValue'>a.Event</span><span class='default'>(c),c.type=(b===this.widgetEventPrefix?b:</span></div>
<div class='line'><span class='default'>this.widgetEventPrefix+b).toLowerCase(),c.</span><span class='AttrName'>target</span><span class='default'>=</span><span class='AttrValue'>this.element</span><span class='default'>[0],</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>c.originalEve</span></div>
<div class='line'><span class='AttrValue'>nt</span><span class='default'>;if(f)for(e in f)e in c||(c[e]=f[e]);this.element.trigger(c,d);return!(a.isFunction(g)&&g.call(this.</span></div>
<div class='line'><span class='default'>element[0],c,d)===!1||c.isDefaultPrevented())}}})(jQuery);/*!</span></div>
<div class='line'><span class='default'> * jQuery UI Mouse 1.8.18</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)</span></div>
<div class='line'><span class='default'> * Dual licensed under the MIT or GPL Version 2 licenses.</span></div>
<div class='line'><span class='default'> * http://jquery.org/license</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * http://docs.jquery.com/UI/Mouse</span></div>
<div class='line'><span class='default'> *</span></div>
<div class='line'><span class='default'> * Depends:</span></div>
<div class='line'><span class='default'> *	jquery.ui.widget.js</span></div>
<div class='line'><span class='default'> */(function(a,b){var c=!1;a(document).mouseup(function(a){c=!1}),a.widget("ui.mouse",{options:</span></div>
<div class='line'><span class='default'>{cancel:":input,option",distance:1,delay:0},_mouseInit:function(){var </span><span class='AttrName'>b</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>;this.element.bind("mousedown."+this.widgetName,function(a){return b._mouseDown(a)}).bind("click."+this.widgetName,function(c){if(!0===a.</span></div>
<div class='line'><span class='default'>data(c.target,b.widgetName+".preventClickEvent")){a.removeData(c.target,b.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent"),c.stopImmediatePropagation();return!1}}),this.</span></div>
<div class='line'><span class='default'>started=!1},_mouseDestroy:function(){this.element.unbind("."+this.widgetName)},_</span></div>
<div class='line'><span class='default'>mouseDown:function(b){if(!c){this._mouseStarted&&this._mouseUp(b),this.</span></div>
<div class='line'><span class='default'>_</span><span class='AttrName'>mouseDownEvent</span><span class='default'>=</span><span class='AttrValue'>b</span><span class='default'>;var </span><span class='AttrName'>d</span><span class='default'>=</span><span class='AttrValue'>this</span><span class='default'>,</span><span class='AttrName'>e</span><span class='default'>=</span><span class='AttrValue'>b.which</span><span class='default'>==1,</span><span class='AttrName'>f</span><span class='default'>=</span><span class='AttrValue'>typeof</span><span class='default'> this.options.cancel=="string"&&b.target.nodeName?a(b.target).closest(this.</span></div>
<div class='line'><span class='default'>options.cancel).length:!1;if(!e||f||!this._mouseCapture(b))return!0;this.</span></div>
<div class='line'><span class='default'>mouseDelayMet=!this.options.delay,this.mouseDelayMet||(this._</span><span class='AttrName'>mouseDelayTimer</span><span class='default'>=</span><span class='AttrValue'>set</span></div>
<div class='line'><span class='AttrValue'>Timeout</span><span class='default'>(function(){d.mouseDelayMet=!0},this.options.delay));if(this._mouseDistan</span></div>
<div class='line'><span class='default'>ceMet(b)&&this._mouseDelayMet(b)){this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(b)!==!1;</span></div>
<div class='line'><span class='default'>if(!this._mouseStarted){b.preventDefault();return!0}}!0===a.data(b.target,this.</span></div>
<div class='line'><span class='default'>widgetName+".preventClickEvent")&&a.removeData(b.target,this.widgetName+".</span></div>
<div class='line'><span class='default'>preventClickEvent"),this._</span><span class='AttrName'>mouseMoveDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseMove(a)},this._</span><span class='AttrName'>mouseUpDelegate</span><span class='default'>=</span><span class='AttrValue'>function</span><span class='default'>(a){return d._mouseUp(a)},a(document).bind("mousemove."+this.widgetName,this._mouseMoveDele</span></div>
<div class='line'><span class='default'>gate).bind("mouseup."+this.widgetName,this._mouseUpDelegate),b.preventDefault(),</span></div>
<div class='line'><span class='default'>c=!0;return!0}},_mouseMove:function(b){if(a.browser.msie&&!(document.documentMod</span></div>
<div class='line'><span class='default'>e>=9)&&!b.button)return this._mouseUp(b);if(this._mouseStarted){this._mouseDrag(b);return b.preventDefault()}this._mouseDistanceMet(b)&&this._mouseDelayMet(b)&&</span></div>
<div class='line'><span class='default'>(this._</span><span class='AttrName'>mouseStarted</span><span class='default'>=</span><span class='AttrValue'>this.</span><span class='default'>_mouseStart(this._mouseDownEvent,b)!==!1,this.</span></div>
<div class='line'><span class='default'>_mouseStarted?this._mouseDra...[TRUNCATED]...</span></div>

        </div>
        <div class="page-break"></div>
    <h3>
        <span>6.3.5</span>
        <span>
                <a href="#SystemInformationLeakExternal">System Information Leak: External</a>
        </span>
        <span class="pull-right text-severity-low">Low</span>

    </h3>
        <div class="block-header bg-primary">
                <a name="58d33a0184ae4b758968bd128c4e8c65"></a>
            ID 46409651 - https://www.nestle-waters.cn:443/robots.txt
        </div>
        <div class="block-header bg-gray">Request</div>
        <div class="syntax">
            <div class='line'><span class='default'>GET /robots.txt HTTP/1.1</span></div>
<div class='line'><span class='HeaderName'>Referer:</span><span class='HeaderValue'> https://www.nestle-waters.cn/</span></div>
<div class='line'><span class='HeaderName'>Accept:</span><span class='HeaderValue'> */*</span></div>
<div class='line'><span class='HeaderName'>Pragma:</span><span class='HeaderValue'> no-cache</span></div>
<div class='line'><span class='HeaderName'>Accept-Encoding:</span><span class='HeaderValue'> gzip, deflate</span></div>
<div class='line'><span class='HeaderName'>User-Agent:</span><span class='HeaderValue'> Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0</span></div>
<div class='line'><span class='HeaderName'>Host:</span><span class='HeaderValue'> www.nestle-waters.cn</span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> Keep-Alive</span></div>
<div class='line'><span class='HeaderName'>X-Scan-Memo:</span><span class='HeaderValue'> Category="Audit.Attack"; SID="0BAC342FF4E8863D3EF4F4683B208108"; PSID="E6566F613CE4F66E9B05E7E15D094F46"; SessionType="AuditAttack"; CrawlType="None"; AttackType="Search"; OriginatingEngineID="65cee7d3-561f-40dc-b5eb-c0b8c2383fcb"; AttackSequence="0"; AttackParamDesc=""; AttackParamIndex="0"; AttackParamSubIndex="0"; CheckId="839"; Engine="Request+Modify"; SmartMode="NonServerSpecificOnly"; ThreadId="267"; ThreadType="AuditorStateRequestorPool"; </span></div>
<div class='line'><span class='HeaderName'>X-RequestManager-Memo:</span><span class='HeaderValue'> sid="1427"; smi="0"; sc="1"; ID="03b00f32-2ee7-4f5c-a9b2-0f84515ba10f"; </span></div>
<div class='line'><span class='HeaderName'>X-Request-Memo:</span><span class='HeaderValue'> ID="513474b5-cda8-428f-81d5-7a52cea36f2a"; sc="1"; ThreadId="496"; </span></div>
<div class='line'><span class='HeaderName'>Cookie:</span><span class='HeaderValue'> CustomCookie=WebInspect122860ZX38A625F6A3164D32AE7BC3B51B1FE5DBY1470;ASP.</span></div>
<div class='line'><span class='HeaderValue'>NET_SessionId=awyrpmhkxbowqjn12nexn3cw;TS011e36f3=01851f6ed52be73c73930c2293cbf5</span></div>
<div class='line'><span class='HeaderValue'>c74f513b3c8b8f10412b04ec50e6bb3e3a1b41a8c9def0602c183b0af205c6d30b1ed588257a</span></div>
<div class='line'><span class='default'><br /></span></div>

        </div>
        <div class="block-header bg-gray">Response</div>
        <div class="syntax">
            <div class='line'><span class='default'>HTTP/1.1 </span><span class='AttackSelection'>200</span><span class='default'> OK</span></div>
<div class='line'><span class='HeaderName'>Content-Type:</span><span class='HeaderValue'> text/plain</span></div>
<div class='line'><span class='HeaderName'>Last-Modified:</span><span class='HeaderValue'> Tue, 28 Jun 2016 11:45:33 GMT</span></div>
<div class='line'><span class='HeaderName'>Accept-Ranges:</span><span class='HeaderValue'> bytes</span></div>
<div class='line'><span class='HeaderName'>ETag:</span><span class='HeaderValue'> "20f93e9432d1d11:0"</span></div>
<div class='line'><span class='HeaderName'>Vary:</span><span class='HeaderValue'> Accept-Encoding</span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='StartAtLine'> ... Starting at line 9 ... </span></div>
<div class='line'><span class='StartAtLine'><br /></span></div>
<div class='line'><span class='HeaderName'>Connection:</span><span class='HeaderValue'> close</span></div>
<div class='line'><span class='HeaderName'>Content-Length:</span><span class='HeaderValue'> 77</span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>User-agent: *</span></div>
<div class='line'><span class='AttackSelection'>Disallow:</span><span class='default'><br /></span></div>
<div class='line'><span class='default'><br /></span></div>
<div class='line'><span class='default'>Sitemap: https://www.nestle-waters.cn/sitemap.xml</span></div>

        </div>
        <div class="page-break"></div>
<h2>Appendix - Descriptions of Key Terminology</h2>
<span id="appendix-a" data-bookmark-enabled="true" data-bookmark-level="1" data-bookmark-text="7. Appendix"></span>

<h3>Security Rating</h3>
<p>The Fortify on Demand 5-star assessment rating provides information on the likelihood and impact of defects present within an application. A perfect rating within this system would be 5 complete stars indicating that no high impact vulnerabilities were uncovered.</p>

<table class="table table-striped appendix-security-rating">
    <thead>
        <tr>
            <th>Rating</th>
            <th></th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
            </td>
            <td>Fortify on Demand awards one star to projects that undergo a Fortify on Demand security review, which analyzes a project for a variety of software security vulnerabilities.</td>
        </tr>
        <tr>
            <td>
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
            </td>
            <td>Fortify on Demand awards two stars to projects that undergo a Fortify on Demand security review that identifies no high likelihood / high impact issues. Vulnerabilities that are trivial to exploit and have a high business or technical impact should never exist in business-critical software.</td>
        </tr>
        <tr>
            <td>
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
            </td>
            <td>Fortify on Demand awards three stars to projects that undergo a Fortify on Demand security review that identifies no low likelihood / high impact issues and meets the requirements needed to receive two stars. Vulnerabilities that have a high impact, even if they are non-trivial to exploit, should never exist in business critical software.</td>
        </tr>
        <tr>
            <td>
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
            </td>
            <td>Fortify on Demand awards four stars to projects that undergo a Fortify on Demand security review that identifies no high likelihood / low impact issues and meets the requirements for three stars. Vulnerabilities that have a low impact, but are easy to exploit, should be considered carefully as they may pose a greater threat if an attacker exploits many of them as part of a concerted effort or leverages a low impact vulnerability as a stepping stone to mount a high-impact attack.</td>
        </tr>
        <tr>
            <td>
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
                <img src="" height="24" width="24" />
            </td>
            <td>Fortify on Demand awards five stars to projects that undergo a Fortify on Demand security review that identifies no issues.</td>
        </tr>
    </tbody>
</table>

<h3>Likelihood and Impact</h3>

<h4>Likelihood</h4>
<p>Likelihood is the probability that a vulnerability will be accurately identified and successfully exploited.</p>

<h4>Impact</h4>
<p>Impact is the potential damage an attacker could do to assets by successfully exploiting a vulnerability. This damage can be in the form of, but not limited to, financial loss, compliance violation, loss of brand reputation, and negative publicity.</p>

<h3>Fortify on Demand Priority Order</h3>

<h4 class="text-severity-critical">Critical</h4>
<p>Critical-priority issues have high impact and high likelihood. Critical-priority issues are easy to detect and exploit and result in large asset damage.
These issues represent the highest security risk to the application. As such, they should be remediated immediately.</p>
<p>SQL Injection is an example of a critical issue.</p>

<h4 class="text-severity-high">High</h4>
<p>High-priority issues have high impact and low likelihood. High-priority issues are often difficult to detect and exploit, but can result in large asset damage.
These issues represent a high security risk to the application. High priority issues should be remediated in the next scheduled patch release.</p>
<p>Password Management: Hardcoded Password is an example of a high issue.</p>

<h4 class="text-severity-medium">Medium</h4>
<p>Medium-priority issues have low impact and high likelihood. Medium-priority issues are easy to detect and exploit, but typically result in small asset damage.
These issues represent a moderate security risk to the application. Medium-priority issues should be remediated in the next scheduled product.</p>
<p>Path Manipulation is an example of a medium issue.</p>

<h4 class="text-severity-low">Low</h4>
<p>Low-priority issues have low impact and low likelihood. Low-priority issues can be difficult to detect and exploit and typically result in small asset damage.
These issues represent a minor security risk to the application. Low priority issues should be remediated as time allows.</p>
<p>Dead Code is an example of a low issue.</p>


<h3>Issue Status</h3>

<h4>New</h4>
<p>New issues are ones that have been identified for the first time in the most recent analysis of the application.</p>

<h4>Existing</h4>
<p>Existing issues are issues that have been found in a previous analysis of the application and are still present in the latest analysis.</p>

<h4>Reopened</h4>
<p>Reopened issues have been discovered in a previous analysis of the application but were not present in subsequent analyses. These issues are now present again in the most recent analysis of the application.</p>


<h3>Fortify on Demand Remediation Effort Estimate</h3>

<h4>Major Remediation</h4>
<p>Major remediation effort issues must often be addressed at multiple locations to fix the root problem.</p>

<h4>Minor Remediation</h4>
<p>Minor remediation effort issues can typically be addressed at the location of the root problem.</p>


<div class="page-break"></div>
    <p class='small text-muted'>
This report contains Micro Focus CONFIDENTIAL information, including but not limited to Micro Focus&#39;s analysis, techniques for analysis and recommendations.  This report may not be made public, used for competitive or consulting purposes or used outside of the recipient.
    <p>
  </body>
</html>
